*

Offline Lord Dave

  • *
  • Posts: 7653
  • Grumpy old man.
    • View Profile
Amazon service lets them come inside
« on: October 25, 2017, 03:38:06 PM »
https://www.usatoday.com/story/tech/news/2017/10/25/new-amazon-key-lets-delivery-driver-leave-packages-inside-front-door/796780001/

Summary:
Buy a camera and digital lock and Amazon delivery drivers can open your front door from their phone app.  And you can watch it live.  All so they can deliver packages inside your home instead of putting them on the doorstep.


How long before it gets hacked?
If you are going to DebOOonK an expert then you have to at least provide a source with credentials of equal or greater relevance. Even then, it merely shows that some experts disagree with each other.

*

Offline Rushy

  • Planar Moderator
  • *****
  • Posts: 8569
    • View Profile
Re: Amazon service lets them come inside
« Reply #1 on: October 25, 2017, 08:36:15 PM »
It really depends on how the system is setup. The driver probably receives a one-time key that can open the lock to the next address on their delivery list. I doubt it's an app that can open any lock at any time. This would be about as vulnerable to hacking as a wireless car key, which is exceptionally difficult to spoof.

The kind of effort it would take to properly attack this kind of door lock exceeds the value of actually hacking the door lock, since everyone's lock would have to be attacked separately. The answer to "how long before this is hacked?" is possibly "never".


*

Offline Lord Dave

  • *
  • Posts: 7653
  • Grumpy old man.
    • View Profile
Re: Amazon service lets them come inside
« Reply #2 on: October 26, 2017, 05:48:04 AM »
It really depends on how the system is setup. The driver probably receives a one-time key that can open the lock to the next address on their delivery list. I doubt it's an app that can open any lock at any time. This would be about as vulnerable to hacking as a wireless car key, which is exceptionally difficult to spoof.

The kind of effort it would take to properly attack this kind of door lock exceeds the value of actually hacking the door lock, since everyone's lock would have to be attacked separately. The answer to "how long before this is hacked?" is possibly "never".
"The delivery person swipes a button in the app that sends a message up to the cloud, which sends a message down to the customer's Amazon-enabled smart lock. This allows the delivery person to swipe a button on the app that unlocks the door."

That to me sounds like both the app and the lock are hooked up to the internet.  Or it could be the same way key fobs work, as you said.
(Which I did not know until I looked it up.)

Still, allowing a server to have some access to open your door gives me pause.  Even if it requres a special app, a special device, and timing.
[/font]
« Last Edit: October 26, 2017, 01:43:57 PM by Lord Dave »
If you are going to DebOOonK an expert then you have to at least provide a source with credentials of equal or greater relevance. Even then, it merely shows that some experts disagree with each other.

*

Offline Pete Svarrior

  • e
  • Planar Moderator
  • *****
  • Posts: 16073
  • (◕˽ ◕ ✿)
    • View Profile
Re: Amazon service lets them come inside
« Reply #3 on: October 26, 2017, 09:15:21 AM »
"[color=rgba(0, 0, 0, 0.87)]the delivery person swipes a button in the app that sends a message up to the cloud, which sends a message down to the customer's Amazon-enabled smart lock. This allows the delivery person to swipe a button on the app that unlocks the door."[/color]
[color=rgba(0, 0, 0, 0.87)][/size][/color]
[color=rgba(0, 0, 0, 0.87)][/size]That to me sounds like both the app and the lock are hooked up to the internet.  Or it could be the same way key fobs work, as you said.[/color]
[color=rgba(0, 0, 0, 0.87)][/size](Which I did not know until I looked it up.)[/color]
[color=rgba(0, 0, 0, 0.87)][/size][/color]
[color=rgba(0, 0, 0, 0.87)][/size]Still, allowing a server to have some access to open your door gives me pause.  Even if it requres a special app, a special device, and timing.[/color]
DAAAAAAAVE

Read the FAQ before asking your question - chances are we already addressed it.
Follow the Flat Earth Society on Twitter and Facebook!

If we are not speculating then we must assume

*

Offline Lord Dave

  • *
  • Posts: 7653
  • Grumpy old man.
    • View Profile
Re: Amazon service lets them come inside
« Reply #4 on: October 26, 2017, 11:28:36 AM »
What.  The.  Fuck?
I'll fix it when I'm at a pc.
If you are going to DebOOonK an expert then you have to at least provide a source with credentials of equal or greater relevance. Even then, it merely shows that some experts disagree with each other.

Rama Set

Re: Amazon service lets them come inside
« Reply #5 on: October 26, 2017, 12:18:07 PM »
Couldn’t the lock and smartphone exchange data via NFID? That would mean someone would have to be staking them out nearby and with a limited duration for the passcode it seems difficult to spoof, like Rishi said. You would need Amazon’s key gen algorithm or something.

*

Offline Lord Dave

  • *
  • Posts: 7653
  • Grumpy old man.
    • View Profile
Re: Amazon service lets them come inside
« Reply #6 on: October 26, 2017, 01:45:45 PM »
Couldn’t the lock and smartphone exchange data via NFID? That would mean someone would have to be staking them out nearby and with a limited duration for the passcode it seems difficult to spoof, like Rishi said. You would need Amazon’s key gen algorithm or something.
Absolutely.

Or some way to physically dis-engage the digital lock.

But you're right. What are the odds that a company with super sensitive information will ever have it's systems compromised?

If you are going to DebOOonK an expert then you have to at least provide a source with credentials of equal or greater relevance. Even then, it merely shows that some experts disagree with each other.

*

Offline Rushy

  • Planar Moderator
  • *****
  • Posts: 8569
    • View Profile
Re: Amazon service lets them come inside
« Reply #7 on: October 26, 2017, 03:01:49 PM »
There's no reason the lock itself needs access to the internet. I'd be surprised if that's the case, well, actually I wouldn't be, we have WiFi enabled lightbulbs, why not WiFi enabled locks too.

If it requires internet access then I really do doubt the security of the device.

*

Offline Pete Svarrior

  • e
  • Planar Moderator
  • *****
  • Posts: 16073
  • (◕˽ ◕ ✿)
    • View Profile
Re: Amazon service lets them come inside
« Reply #8 on: October 26, 2017, 04:51:45 PM »
I hope people start botnetting them together and using them to DDoS Twitter
Read the FAQ before asking your question - chances are we already addressed it.
Follow the Flat Earth Society on Twitter and Facebook!

If we are not speculating then we must assume