The Flat Earth Society

Other Discussion Boards => Technology & Information => Topic started by: Lord Dave on October 25, 2017, 03:38:06 PM

Title: Amazon service lets them come inside
Post by: Lord Dave on October 25, 2017, 03:38:06 PM

https://www.usatoday.com/story/tech/news/2017/10/25/new-amazon-key-lets-delivery-driver-leave-packages-inside-front-door/796780001/

Summary:
Buy a camera and digital lock and Amazon delivery drivers can open your front door from their phone app.  And you can watch it live.  All so they can deliver packages inside your home instead of putting them on the doorstep.


How long before it gets hacked?

Title: Re: Amazon service lets them come inside
Post by: Rushy on October 25, 2017, 08:36:15 PM

It really depends on how the system is setup. The driver probably receives a one-time key that can open the lock to the next address on their delivery list. I doubt it's an app that can open any lock at any time. This would be about as vulnerable to hacking as a wireless car key, which is exceptionally difficult to spoof.

The kind of effort it would take to properly attack this kind of door lock exceeds the value of actually hacking the door lock, since everyone's lock would have to be attacked separately. The answer to "how long before this is hacked?" is possibly "never".

Title: Re: Amazon service lets them come inside
Post by: Lord Dave on October 26, 2017, 05:48:04 AM

Quote from: Rushy on October 25, 2017, 08:36:15 PM

It really depends on how the system is setup. The driver probably receives a one-time key that can open the lock to the next address on their delivery list. I doubt it's an app that can open any lock at any time. This would be about as vulnerable to hacking as a wireless car key, which is exceptionally difficult to spoof.

The kind of effort it would take to properly attack this kind of door lock exceeds the value of actually hacking the door lock, since everyone's lock would have to be attacked separately. The answer to "how long before this is hacked?" is possibly "never".

"The delivery person swipes a button in the app that sends a message up to the cloud, which sends a message down to the customer's Amazon-enabled smart lock. This allows the delivery person to swipe a button on the app that unlocks the door."

That to me sounds like both the app and the lock are hooked up to the internet.  Or it could be the same way key fobs work, as you said.
(Which I did not know until I looked it up.)

Still, allowing a server to have some access to open your door gives me pause.  Even if it requres a special app, a special device, and timing.[/font]

Title: Re: Amazon service lets them come inside
Post by: Pete Svarrior on October 26, 2017, 09:15:21 AM

Quote from: Lord Dave on October 26, 2017, 05:48:04 AM

"[color=rgba(0, 0, 0, 0.87)]the delivery person swipes a button in the app that sends a message up to the cloud, which sends a message down to the customer's Amazon-enabled smart lock. This allows the delivery person to swipe a button on the app that unlocks the door."[/color]
[color=rgba(0, 0, 0, 0.87)][/size][/color]
[color=rgba(0, 0, 0, 0.87)][/size]That to me sounds like both the app and the lock are hooked up to the internet.  Or it could be the same way key fobs work, as you said.[/color]
[color=rgba(0, 0, 0, 0.87)][/size](Which I did not know until I looked it up.)[/color]
[color=rgba(0, 0, 0, 0.87)][/size][/color]
[color=rgba(0, 0, 0, 0.87)][/size]Still, allowing a server to have some access to open your door gives me pause.  Even if it requres a special app, a special device, and timing.[/color]

DAAAAAAAVE

(https://alccorting.files.wordpress.com/2013/02/shake-fist.jpg)

Title: Re: Amazon service lets them come inside
Post by: Lord Dave on October 26, 2017, 11:28:36 AM

What.  The.  Fuck?
I'll fix it when I'm at a pc.

Title: Re: Amazon service lets them come inside
Post by: Rama Set on October 26, 2017, 12:18:07 PM

Couldn’t the lock and smartphone exchange data via NFID? That would mean someone would have to be staking them out nearby and with a limited duration for the passcode it seems difficult to spoof, like Rishi said. You would need Amazon’s key gen algorithm or something.

Title: Re: Amazon service lets them come inside
Post by: Lord Dave on October 26, 2017, 01:45:45 PM

Quote from: Rama Set on October 26, 2017, 12:18:07 PM

Couldn’t the lock and smartphone exchange data via NFID? That would mean someone would have to be staking them out nearby and with a limited duration for the passcode it seems difficult to spoof, like Rishi said. You would need Amazon’s key gen algorithm or something.

Absolutely.

Or some way to physically dis-engage the digital lock.

But you're right. What are the odds that a company with super sensitive information will ever have it's systems compromised?

Title: Re: Amazon service lets them come inside
Post by: Rushy on October 26, 2017, 03:01:49 PM

There's no reason the lock itself needs access to the internet. I'd be surprised if that's the case, well, actually I wouldn't be, we have WiFi enabled lightbulbs, why not WiFi enabled locks too.

If it requires internet access then I really do doubt the security of the device.

Title: Re: Amazon service lets them come inside
Post by: Pete Svarrior on October 26, 2017, 04:51:45 PM

I hope people start botnetting them together and using them to DDoS Twitter