Slashdot Mirror

← Back to Stories (view on slashdot.org)

Amazon Key Flaw Could Let Rogue Deliverymen Disable Your Camera (wired.com)

Posted by msmash on from the how-about-that dept.

Security researchers claim to have discovered a flaw in Amazon's Key Service, which if exploited, could let a driver re-enter your house after dropping off a delivery. From a report: When Amazon launched its Amazon Key service last month, it also offered a remedy for anyone who might be creeped out that the service gives random strangers unfettered access to your home. That security antidote? An internet-enabled camera called Cloud Cam, designed to sit opposite your door and reassuringly record every Amazon Key delivery. Security researchers have demonstrated that with a simple program run from any computer in Wi-Fi range, that camera can be not only disabled, but frozen. A viewer watching its live or recorded stream sees only a closed door, even as their actual door is opened and someone slips inside. That attack would potentially enable rogue delivery people to stealthily steal from Amazon customers, or otherwise invade their inner sanctum. And while the threat of a camera-hacking courier seems an unlikely way for your house to be burgled, the researchers argue it potentially strips away a key safeguard in Amazon's security system. When WIRED brought the research to Amazon's attention, the company responded that it plans to send out an automatic software update to address the issue later this week.

106 comments

  1. So what? by Anonymous Coward · · Score: 3, Interesting

    If you're dumb enough to let random delivery workers into your house without you being present, you're asking for trouble. Security flaws or not, you're an idiot if you allow this. You're asking for trouble.

    1. Re: So what? by mschuyler · · Score: 1

      Consider moving.

      --
      How about a moderation of -1 pedantic.
    2. Re: So what? by Anonymous Coward · · Score: 0

      Great neighborhood you have there...

      You do know that there are ways to deal with this problem. 1. Arrange to pick up your delivery someplace. Amazon is offering delivery to a lock box in some areas and there are "pack and ship" places who will do this for you. 2. Arrange for your own lock box on your porch that delivery drivers can open, but only if you have the code... 3. Buy your stuff at brick and mortar stores directly.

    3. Re: So what? by Anonymous Coward · · Score: 0

      You would rather have your entire house burgled than one item taken off your doorstep?

    4. Re: So what? by Anonymous Coward · · Score: 0

      You would rather have your entire house burgled than one item taken off your doorstep?

      Maybe they would rather accept the very unlikely risk that the camera is exploited for a house burglary over the very likely risk of having your orders stolen off the doorstep.

    5. Re:So what? by ShanghaiBill · · Score: 1

      People already allow housekeepers and babysitters into their homes. How is this different?

    6. Re:So what? by ClickOnThis · · Score: 4, Insightful

      People already allow housekeepers and babysitters into their homes. How is this different?

      You get to interview them first?

      --
      If it weren't for deadlines, nothing would be late.
    7. Re: So what? by Anonymous Coward · · Score: 0

      You would probably know who the babysitter or housekeeper is, and therefore can do some vetting of that particular individual. You don't have the ability to check the background of the particular delivery person responsible for your package. Also, just because there is established precedent, does not mean that it's a wise idea.

    8. Re:So what? by DickBreath · · Score: 2

      Some people only allow in housekeepers while they are home. Others may interview housekeepers first before giving them a key, and insisting on the housekeeper being insured and/or bonded. The housekeeper probably has access to a very limited number of homes compared to an Amazon / FedEd / UPS / etc delivery boy. Having some kind of "master key" to a large number of homes gives the feeling of being less likely to get caught.

      As for babysitters, you are entrusting them with the care of another human(s), which is a much higher level of trust than with your home. Interviews. Background checks. Etc.

      With a housekeeper / babysitter, if you are burglarized, it is easier for police to investigate a very small pool of potential burglars. With an Amazon Key, how many people potentially had access to that key?

      With a known babysitter / housekeeper, hacking is probably not a likely way to get into your home. With an Amazon key, you are less sure about how many people have or can gain access to your home. (No matter what Amazon says.)

      --

      I'll see your senator, and I'll raise you two judges.
    9. Re: So what? by irrational_design · · Score: 1

      4. Put a honeypot Amazon box on the doorstep and wait across the street in a tree with a sniper rifle.

    10. Re: So what? by DontBeAMoran · · Score: 2

      4A. This only works if the thief is Winnie the Pooh.

      --
      #DeleteFacebook
    11. Re: So what? by EvilSS · · Score: 2

      4. Put a honeypot Amazon box on the doorstep and wait across the street in a tree with a sniper rifle.

      I actually did this after getting some packages stolen. Filled some old amazon boxes with garbage and set them on the porch. Well minus the sniper rifle, and plus some new security cameras. Unfortunately no one tried to steal it (or even checked it out before noticing the cameras.)

      --
      I browse on +1 so AC's need not respond, I won't see it.
    12. Re: So what? by HumanWiki · · Score: 1

      Unlikely???

      Given all the types out there that would absolutely abuse this, it's not unlikely. It's inevitable.

    13. Re: So what? by Khyber · · Score: 1

      "Great neighborhood you have there"

      This is highly common in affluent areas, actually. They tend to have stuff worth stealing. In fact, I'm looking at a memo sent out right now stating to be on the lookout for vehicles following postal vehicles or UPS/FedEx trucks (guess DHL's not on the watch-for list, good.)

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    14. Re: So what? by Anonymous Coward · · Score: 0

      Seems I've lost my tail again - Eeor

    15. Re: So what? by Anonymous Coward · · Score: 0

      Magnitude of the loss matters. People pay shit tons of money to protect against unlikely events that are devastating (like a home burglary) and care much less about small inconveniences (reporting a package missing to Amazon).

      So if you are dumb enough to accept a whole home burglary to prevent e-mailing a Amazon customer service rep then you might be mentally retarded (and I mean this literally, not as an insult).

    16. Re:So what? by Anonymous Coward · · Score: 0

      Racist thief!

    17. Re: So what? by gnick · · Score: 2

      ...if you are dumb enough to accept a whole home burglary to prevent e-mailing a Amazon customer service rep...

      It's not accepting a break-in. It's accepting a chance of a burglary. Guess what? There's already a chance that your house might be burgled. This (might) slightly increase that risk.

      It's not:
      (Cost of home burglary) > (Cost of porch burglary)
      It's:
      (Change in chance of home burglary)*(Cost of home burglary) ? (Chance of porch burglary)*(Cost of porch burglary)

      --
      He's getting rather old, but he's a good mouse.
    18. Re: So what? by Anonymous Coward · · Score: 0

      Murder in the first degree is the solution? You might wanna rethink that

    19. Re: So what? by Anonymous Coward · · Score: 0

      Do you know they were stolen? Or a delivery person said they delivered and you didn't receive them?

    20. Re: So what? by EvilSS · · Score: 1

      Do you know they were stolen? Or a delivery person said they delivered and you didn't receive them?

      I knew they were stolen. I was sent out of town at the last minute, and this was shortly after I had returned from another trip so I couldn't get another "vacation " hold with the various delivery services (you usually have a cooldown unfortunately). It was 4 deliveries from 3 different carriers during the week (it was my Amazon subscribe and save items helpfully showing up a week early), all gone when I got back home. So it was either the last carrier that took all of them (not out of the question) or someone came up after that last delivery and helped themselves. Or someone was coming by all week to steal them.

      My house is tucked away at the end of a long (about 900 feet) driveway and the front porch isn't visible until you are basically standing on it. Can't even see the packages from the driveway. Can't even see the house from the street. So I invested in some cameras after that. I was hoping to catch someone at least walking up to check. Even if they spotted the cameras and left I'd have a good idea why they were there.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    21. Re: So what? by MoaDweeb · · Score: 2

      It's Ok!

      Amazon will vet the delivery people, just like Uber.

      --
      New Zealanders are well balanced with a chip on each shoulder. One represents Australia, the other the rest of the world
    22. Re: So what? by LostMyBeaver · · Score: 1

      Dude... the beauty of the world of the internet is that people are bumping uglies and procreating everywhere these days.

      So that said... I think we need to sort out this mulatto thing. I mean seriously... black and white makes mulatto... then there's white and oriental, black and oriental, latino and ... you see where this is going. If we're going to come up with ice cream names for every time we mix some other flavors, we need to dump the mulatto thing.

      My wife and daughter are Coconut, I'm Cookie Dough, my son is Cookies and Cream. Mulatto can mean lots of things... you could be Cookies and Cream, or Rocky Road, or Coffee Delight. Probably the prettiest girl friend I ever had was Chocolate Fudge.

      So... next time you, me or anyone else with a real interest in accuracy fills out an American or British form (the two countries who actually ask...) when the field says "Race", we should find the most accurate Ben and Jerry's ice cream flavor to describe ourselves and write it in.

    23. Re: So what? by LostMyBeaver · · Score: 1

      Is it at all possible he considers that he doesn't like people saying bad things about French people?

    24. Re:So what? by LostMyBeaver · · Score: 1

      babysitter = neighbor's teenaged son or daughter who when they're not babysitting are either at school, playing video games, getting drunk and/or humping.

      Background check a babysitter? What the hell are you talking about? What kind of a neighborhood do you live in? Are you seriously planning on raising a kid where there are no other kids? Where will they go to school? There are teenagers needing cash everywhere. Make friends with a neighbor and ask them if they'd trust their pierce and tattooed teenaged brat with your offspring. If they say yeh... then you got a babysittter.

      If you asked me about my daughter... I'd be like... no chance... use my son instead, he's the nice one.

    25. Re:So what? by PingPongBoy · · Score: 1

      Dear Amazon,

      I heard that your goal is to cut delivery times, the target delivery time is one hour, is that right?

      Well, in all my days of dealing with technology, I noticed one very fast delivery mechanism. It is so fast and so simple.

      Seeing as how the delivery person is merely an interface between the storage and the home, there is already an existing technology that reduces the delivery interface. I'll bet you already know what that technology is, because you're incredibly smart. But for the other people on this forum, the technology is called "vending machine."

      The more things change, the more they stay the same.

      Economies of scale in Amazon fulfillment centers allow for efficient distribution of goods, beating traditional stores and vending machines (full of stuff no one seems to want). Yet the notion of having someone deliver purchases directly into my home seems to be over the top inefficient too. I wouldn't even touch the security risk with a ten foot pole attached to a cattle prod. The pendulum swings too far the other way, doesn't it? A possible middle may be numerous pickup centers where people can collect close to home.

      --
      Know your pads. One time pad: good for cryptography. Two timing pad: where to take your mistress.
    26. Re:So what? by DickBreath · · Score: 1

      If you hire your neighbor's kid as a babysitter, then my point still stands that it is quite different than letting Amazon delivery into your home. You know the neighbor. You (presumably) know the kid.

      Yes. Background check and adult babysitter. You can live in a very nice neighborhood and still do this. Just because YOU live in a nice neighborhood doesn't mean that the babysitter is nice. Especially if hired by a service. I would also point out that some very bad people who do some very bad things come as a shock to everyone once they make national news. But they were such a nice neighbor! Who knew that they molested kittens while listening to Justin Bieber music! How awful! One of those things is almost as bad as the other!

      A babysitting service does the background check for you. Still, the real on-topic point here is that housekeepers and babysitters are VERY different than letting Amazon Random Delivery people into your home.

      --

      I'll see your senator, and I'll raise you two judges.
  2. I'd like to order two prostitutes please. by Anonymous Coward · · Score: 0

    Just have them let themselves in and come straight to the bedroom - I'm already tied up.

    1. Re:I'd like to order two prostitutes please. by Anonymous Coward · · Score: 0

      But a lot of the internet wants your unsecured Amazon camera ON for that.

    2. Re:I'd like to order two prostitutes please. by DickBreath · · Score: 2

      Your unsecured Amazon camera is probably already accessible to people who really want to access it.

      --

      I'll see your senator, and I'll raise you two judges.
  3. I'm shocked by Kierthos · · Score: 1

    Shocked to learn that such a "well thought out idea" like letting random strangers into your house to drop off a package via an automatic door unlocker and camera would have a security flaw.

    I mean, damn. What are the odds of this happening? Surely, Amazon would have tested this out before rolling out the system, instead of rushing it out the door in a mad grab for even more cash.

    Right?

    Right?

    --
    Mr. Hu is not a ninja.
    1. Re: I'm shocked by Anonymous Coward · · Score: 0

      To think these shitheads make $200k/year to come up with these "brilliant" ideas while they take over my city like cockroaches. If you visit Seattle nowadays you'd know AMZN people walk around like their shit doesn't stink. This "idea" sounds like something out of a college senior design project. Too many fucking aspies in this city with nothing better to do & not enough people with common sense to knock into their misshapen brains.

    2. Re: I'm shocked by Kierthos · · Score: 1

      I'm not saying every "Internet of Things" idea out of Amazon or Google (or whoever) these days is crap, though. But seriously, this one?

      Any service that allows people into a residence needs to have good security. And you can bet your ass that the one thing Amazon covered on this was their liability if something goes wrong. They might not be able to properly staff a testing department for this thing, but you can bet their lawyers earned some bucks removing any chance you could sue Amazon over someone exploiting this or any other design flaw that lets your house get burgled.

      --
      Mr. Hu is not a ninja.
    3. Re:I'm shocked by DickBreath · · Score: 1

      No. You are wrong. And you should NOT be shocked. Amazon would indeed rush this out without sufficient testing -- even without the motive of a grab for more cash. A more important concern you should have is whether Amazon has these people insured and/or bonded. Can access to your house be obtained by hacking Amazon or something the delivery person has? So do not assume the idea is well thought out, nor that even more security flaws won't be found.

      --

      I'll see your senator, and I'll raise you two judges.
    4. Re:I'm shocked by AntronArgaiv · · Score: 2

      Oh, I'm absolutely positive that Amazon takes no responsibility for the actions of the deliveryperson, who is an independent contractor, employed by a company not associated with Amazon. If they lift something from your house, Amazon will express their regrets, and that's about all you'll ever get from them.

      Heck, they've started using Amazon Logistics in my area now, and when the guy can't find my house, the order gets "lost". Then Amazon informs me that I'll need to re-place the order and they'll issue me a refund for the lost package in their own sweet time. Now, THAT's service!

    5. Re: I'm shocked by link-error · · Score: 1

          Not to mention, I have a security system that requires a code once the door is opened. No way I'll give an alternate access code to Amazon, which could be used at any other time as well. Even if I disable that code when I get home, I'm still vulnerable for the remainder of that day.

      --
      -Unresolved symbol? Byte me!
  4. deauth attack isn't news - wired sucks these days by Anonymous Coward · · Score: 0

    deauth attacks aren't new[s]

    this is why i and many others don't use wifi cameras

    wired editors should stop sniffing so much glue

  5. Actually the flaw is pretty bad by 93+Escort+Wagon · · Score: 4, Interesting

    The good: Amazon promises they'll be pushing out a patch this week.

    The bad: It's about as bad a failure mode as is possible: "Most disturbingly, Amazon's camera doesn't respond to that attack by going dark, or alerting the user that the camera is offline. Instead, it continues to show any live viewer—or anyone watching back a recording—the last frame the camera saw when it was connected."

    Okay, maybe there's a worse failure mode possible... if the camera, upon losing connectivity, also spontaneously caught fire and burned your house down.

    --
    #DeleteChrome
    1. Re:Actually the flaw is pretty bad by fluffernutter · · Score: 4, Insightful

      I'd say 'the bad' is that you never really know if every flaw is patched.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    2. Re:Actually the flaw is pretty bad by phantomfive · · Score: 4, Insightful

      I'd say 'the bad' is that you never really know if every flaw is patched

      No, you know the answer. The answer is No, they're not patched.

      --
      "First they came for the slanderers and i said nothing."
    3. Re:Actually the flaw is pretty bad by Aighearach · · Score: 1

      Okay, maybe there's a worse failure mode possible... if the camera, upon losing connectivity, also spontaneously caught fire and burned your house down.

      If that is actually worse or not might depend on if you keep your smoke detectors serviced, and have fire insurance...

    4. Re:Actually the flaw is pretty bad by Anonymous Coward · · Score: 0

      I don't get it. If it's a wifi camera, it can't be protected against being disabled, just send some deauth packets to it while you open the door....

    5. Re:Actually the flaw is pretty bad by magarity · · Score: 1

      if the camera, upon losing connectivity, also spontaneously caught fire and burned your house down.

      Is that before or after the thief who disabled it is able to get out?

    6. Re:Actually the flaw is pretty bad by swillden · · Score: 1

      I'd say 'the bad' is that you never really know if every flaw is patched.

      Sure you do.

      There will always be unpatched flaws. This is true of everything.

      On the other hand the probability that some deliveryman has access to an unknown 0day and is willing to use it to steal from you is quite low. Much lower than the probability that some random burglar is willing to break your window in order to steal from you. A regular stream of vulnerability reports like this is a good thing, because it means researchers are paying attention. It's better if the researcher practices responsible disclosure and you only hear about it after the vulnerability is patched, though.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    7. Re:Actually the flaw is pretty bad by fluffernutter · · Score: 1

      You're right, far more concerning that someone on the internet finds a 0day and puts your Amazon camera on some open website. Probably more likely than getting robbed at all. Good thinking.

      --
      Laws are rules for the court, but merely a bottom bar to hit for life. Think beyond laws in your actions always.
    8. Re:Actually the flaw is pretty bad by swillden · · Score: 1

      You're right, far more concerning that someone on the internet finds a 0day and puts your Amazon camera on some open website.

      No, I don't think that would be particularly likely. It would require a much deeper compromise of the device. And if someone had such a deep compromise, why would they bother using it to stream a picture of your front door? Well, maybe yours is much more interesting than mine.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    9. Re:Actually the flaw is pretty bad by Anonymous Coward · · Score: 0

      Seems like it would be very prudent to put a clock in frame of the camera so that it would be possible to tell when it was frozen. Something with a second hand or seconds display.

    10. Re:Actually the flaw is pretty bad by Anonymous Coward · · Score: 0

      Sounds to me like part of the flaw isn't in the camera itself, but in their "cloud". If the camera is disconnected, it is not what is displaying the last sent frame of video. In the end, the thing is wireless, no idea if it has an option to be hard wired. all it would take is a delivery guy carrying an run of the mill wifi jammer and this thing is offline no matter what software patches amazon is sending out.

    11. Re:Actually the flaw is pretty bad by nasch · · Score: 1

      Smoke detectors don't do any good if there's nobody home to hear them. Unless maybe your smoke detectors automatically call 911 like they do in office buildings, but that seems unlikely.

    12. Re:Actually the flaw is pretty bad by Aighearach · · Score: 1

      You missed the point; if you're not home, you're also not dying in the fire. That was why I talked about smoke detectors at all; if you're home and die in the fire, then you don't care about insurance! If you didn't die in the fire, then it is an insurance matter.

      If somebody robs you, and has a frozen-frame video to "prove" they were never there, then you could lose [whatever you have of value in your house] and you might not even have an insurance claim! You could even be threatened with making a false police report if nobody knew about the bug.

  6. last nail in the coffin by Anonymous Coward · · Score: 0

    This was hugely unpopular with the market anyway. This hole might have killed the product.

    EngrStudent

  7. Another problem with the Internet of Things by Ken_g6 · · Score: 1

    Hacking my door takes an axe.

    --
    (T>t && O(n)--) == sqrt(666)
    1. Re:Another problem with the Internet of Things by Anonymous Coward · · Score: 0

      Hacking my door takes an axe.

      I doubt that... Unless you have re-enforced your door, a shoulder or foot is all I'd need to get past your locks. Maybe even less than that. I've opened locked doors with nothing more that something flat and flexible like a laminated card.

    2. Re:Another problem with the Internet of Things by ctilsie242 · · Score: 2

      Shoulders are overrated. A boot is usually the best way, next to a door ram.

      Here in the US, front door physical security is piss-poor across the board, be it easily bumpable five-pin tumbler locks, doors that will fall to a stout kick because it only locks one point, doors with large windows, and so on. At best, if you want better, you buy a security screen door.

      The average European door has at least 3-4 point locking, cylinders that resist snapping, punching, and drilling, deadlocking, and a solid door jamb. A lot of Eastern European doors use an Italian brand of door lock, which uses lever locking, at least four rods near the door handle, and a number of points around the door for added security.

    3. Re:Another problem with the Internet of Things by Actually,+I+do+RTFA · · Score: 1

      You know, they make steel doors.

      --
      Your ad here. Ask me how!
    4. Re:Another problem with the Internet of Things by david_thornley · · Score: 1

      If the door proves too hard, the determined burglar smashes through the wall. If I'm going to be burgled, I'd rather forego the structural damage.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  8. Is the camera WiFi only? by fahrbot-bot · · Score: 1

    How about providing a *wired* (capable) camera. Many people might not use that, but I would be willing to run some CAT5 for extra security or, rather, confidence.

    --
    It must have been something you assimilated. . . .
    1. Re:Is the camera WiFi only? by Anonymous Coward · · Score: 0

      The reason is: They already have power over ethernet wired cameras.

    2. Re:Is the camera WiFi only? by psergiu · · Score: 1

      CAT5 ? To connect to your brand new 486DX 66Mhz PC ?
      Maybe you can just run two parallel iron wires and send long and short electrical signals over them.

      --
      1% APY, No fees, Online Bank https://captl1.co/2uIErYq Don't let your $$$ sit in a no-interest acct.
    3. Re:Is the camera WiFi only? by Anonymous Coward · · Score: 0

      CAT5 ? To connect to your brand new 486DX 66Mhz PC ? Maybe you can just run two parallel iron wires and send long and short electrical signals over them.

      Yes, CAT5.

      A lot of wired network devices still come with a 10/100 network card, and thus CAT6 would be overkill.

    4. Re:Is the camera WiFi only? by fahrbot-bot · · Score: 1

      CAT5 ? To connect to your brand new 486DX 66Mhz PC ?

      I have CAT5e [ which is what I meant by CAT5 - geesh (can one even easily buy just CAT5 anymore?) ] throughout my house and run my gigabit devices over it just fine Mr. Pedantic McSnobby.

      --
      It must have been something you assimilated. . . .
  9. Milk boxes, Ice boxes by WillAffleckUW · · Score: 2

    Look, stop trying to invent new tech.

    Most homes built until the 1980s had a box built into the porch next to the door, or a door built into the house next to the front door, that revealed a 2x2x2 area (sometimes larger) in which you could place things.

    It was opened by a key the delivery people had. And inside by a key the owner had (different door).

    It was used for ice deliveries, package deliveries, milk deliveries.

    Do that. Add a camera or sensor to that.

    Don't make the door to your house be open to delivery people. Give them a place, OUT OF SIGHT, to store things in that only you can pick up.

    SERIOUSLY!

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:Milk boxes, Ice boxes by Aighearach · · Score: 1

      Look, stop trying to invent new tech.

      Most homes built until the 1980s had a box built into the porch next to the door, or a door built into the house next to the front door, that revealed a 2x2x2 area (sometimes larger) in which you could place things.

      ...

      SERIOUSLY!

      This is not actually true. "Seriously."

      The outside world really exists; order some dark sunglasses and in a few days after they're delivered, go outside and check! You'll find almost all the houses were built before the 1980s, and they don't have these boxes.

    2. Re:Milk boxes, Ice boxes by ClickOnThis · · Score: 1

      Came here to post this solution. You beat me to it. I grew up in a house that had a milk box. It was actually used for milk

      But what we need is something larger than a milk box. Maybe an outdoor shed that does double-duty as garden storage. Or maybe just use a garage if you have one?

      --
      If it weren't for deadlines, nothing would be late.
    3. Re:Milk boxes, Ice boxes by DontBeAMoran · · Score: 1

      Most homes built until the 1980s had a box built into the porch next to the door, or a door built into the house next to the front door, that revealed a 2x2x2 area (sometimes larger) in which you could place things.

      Maybe in the area where you live, but not around here (Canada).

      It's a good idea, though. Instead of this crappy "Amazon Key" crap with a camera, they should be selling the "Personal Amazon Box", something you secure to your house and that the delivery guy has access to. Not the whole fucking house.

      --
      #DeleteFacebook
    4. Re:Milk boxes, Ice boxes by WillAffleckUW · · Score: 1

      Actually, I've seen them in BC and Alberta, which are both in Canada.

      --
      -- Tigger warning: This post may contain tiggers! --
    5. Re:Milk boxes, Ice boxes by Anonymous Coward · · Score: 1

      Who says you can't do this? Just hack up an Amazon Key to open your special delivery box door instead of the front door. Then put a sign saying: "Amazon deliveries here" or something. It will work itself out and you'll properly receive the deliveries.

    6. Re:Milk boxes, Ice boxes by mysidia · · Score: 1

      "Personal Amazon Box", something you secure to your house and that the delivery guy has access to. Not the whole fucking house.

      Ah.... another thing for the HOA to complain about. The brighter the colors and the more flamboyant the Amazon branding on the large box, the better.

    7. Re:Milk boxes, Ice boxes by Anonymous Coward · · Score: 0

      My house was built in 1950. No box for ice or milk delivery. Ice delivery has never really been a thing here in the UK, and the milkman just leaves it in the doorstep. Only milk I've ever had go missing got stolen by blue tits, not people.

  10. Talk about your liability problems by Anonymous Coward · · Score: 0

    This screams liability issues I cannot believe Amazon lawyers would even allow such a terrible ideal. What about people who have home security installed, or a gated community, how about who is going to properly do background checks on all these minimum wage delivery drivers. You know Amazon isn't going to pay them much and exactly who do you think will apply for these positions? I live in a relatively crime free area and wouldn't think of allowing people into my home like this. I'd make other arrangements to get packages delivered.

    1. Re:Talk about your liability problems by Anonymous Coward · · Score: 0

      I'm sure there is a clause in the EULA that they are not responsible for anything that happens when you use this overwhelmingly stupid idea.

    2. Re:Talk about your liability problems by Aighearach · · Score: 1

      You don't comprehend liability.

      If you did, you'd be saying, "Golly, I wonder if their liability insurance rates went up over this!"

  11. great efforts by amira+mishnish · · Score: 0

    i think that greatefforts ,it contain many options .thank you

  12. I think you would be able to notice that by Anonymous Coward · · Score: 0

    Look at the pixels.

  13. One time code? by RhettLivingston · · Score: 1

    Note, I'd never use this, but...

    As I understood the plan originally, the code that they give the delivery person to open the door is a one-time code. So, if the would-be thief has no way to get in again, how is this a total failure? I'd also bet that both the usage time of the code and whether the door was left locked are both sent back to Amazon. They obviously have communication with the lock if they can set a one-time code.

    1. Re:One time code? by Anonymous Coward · · Score: 1

      Simple.

      * Set up your WiFi hacking equipment outside the front door, but don't do anything with it yet.
      * Indicate you're ready to do the delivery to Amazon.
      * Get your one time code.
      * Open the door.
      * Deliver the package normally.
      * Return to the door.
      * Close the door, but do NOT release the knob/latch (i.e. don't let the door relatch). This is possible with almost all doors that open on a latch, and will be visually indistinct from closing the door and letting it latch.
      * Activate your hacking gear outside the door, which you've conveniently got set up and ready to go because you planned ahead. This will stop the camera showing the door closed.
      * Re-open the door and burgle the place.
      * On leaving, let the door latch properly.

      The camera will show the delivery person arriving, performing the delivery, and (most importantly) leaving. It will show the door being closed, and will NOT show it being reopened. The camera "proves" the delivery person did nothing wrong.

    2. Re:One time code? by sinij · · Score: 1

      Getting inside the house is not an issue, crow bar will open most residential doors. The issue is information, or what door to open and when. Amazon delivery offers risk-free method to collect such information. Camera, even when working, does very little to stop you looking around.

    3. Re:One time code? by RhettLivingston · · Score: 2

      Smart locks are almost always dead-bolts and know whether or not the bolt was thrown. It should not report closed and locked if it isn't.

      Also, if you burgle the place on the same day, you're caught. It is extremely unlikely that the police won't be able to find further evidence given that they will know exactly who to look at. In addition, if they ever got away with it once, they won't get away with it again. They'd likely be fired just on the possibility that they committed the crime - firing does not require proof beyond reasonable doubt nor even weight of the evidence. And "reasonable doubt" is a much lower standard than what TV leads us to believe.

      Your other replier really has the only point that needs to be made, and the reason I'd never use this service. The concern with letting people into your home is not what they can steal that day, it is in the notes that they take and perhaps even sell to someone else for future use. Breaking into a home is trivially easy - so much so that having a key is of little extra value to the process. Knowing which home to break into is not so easy. Things have gotten so cheap today, that breaking into homes is almost a worthless endeavor. Few people have anything worth stealing. The pawn value on electronics is next to nothing. So, spotting the needle in the haystack is valuable.

  14. Jeff Bezos Will Always Watch You Poop by Hetero · · Score: 1

    See subject. Think about it. The religious people always joke about their omniscient deities watching everything, including you pooping. This, however, is far, FAR less of a stretch.

  15. Wireless "security" camera by Ichijo · · Score: 1

    Even after the flaw is fixed, what's to stop someone from jamming the wifi signal while they take everything you own?

    --
    Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
    1. Re:Wireless "security" camera by Anonymous Coward · · Score: 0

      If you jam the WiFi before you open the door, the Amazon Key device will have no way to receive the authorization to open the door, so you're stuck outside.

      If you jam the WiFi to disable the camera after you open the door with the one-time key, you're (at a minimum) an EXTREMELY likely suspect to be the person who burgled the place.

      The point of the recording is NOT to prevent the delivery person from stealing things - that would be impossible. It's to give Amazon and the police the means to IDENTIFY that the delivery person was the one who stole things. "Hey, he showed up for a delivery, walked off camera for 5 minutes, and then left. Meanwhile, all my jewelry went missing." The delivery person KNOWS they can be identified as the person who was there, and the camera can demonstrate they did something they shouldn't.

      Amazon will know who the delivery driver was, so there's no point in trying to jam the camera to try and keep from being identified. Sure, having 5 minutes of static on the recording is less directly incriminating than being shown wandering off once you're in the house. But if a theft took place, it's not like the police can't put two and two together.

      Now, if you can come up with a way to FAKE unlock commands to the Amazon Key, then jamming the camera makes sense - nobody knows who you are, and blocking the recording makes sense. But absent that, they ALREADY know who was in the house.

    2. Re:Wireless "security" camera by mysidia · · Score: 1

      If you jam the WiFi to disable the camera after you open the door with the one-time key, you're (at a minimum) an EXTREMELY likely suspect

      Suppose you're not the delivery person, BUT some criminal who was following the delivery person. You see the delivery person open the door, so you immediately activate your jammer to stop the camera, then you ninja quietly sneak in the door and hide: waiting for the delivery person to drop the boxes off and leave, OR you stick something in the door that will stop the latch from securing, so when the delivery person closes the door and drives off: you have free reign.....

      Oh, but what if you were the delivery person? The possibility of this happening provides a potential way to deny having done anything wrong "The camera must have malfunctioned, but I didn't take anything....".

  16. Unencrypted Video foolishness by charliemerritt03 · · Score: 2

    I just got and am returning an Arlo camera system from Net Gear. Good hardware HORRIBLE implementation -- like most IOT. It doesn't come with a package that unlocks the door... But is is another example of (video and sound!) sensitive data being sent out over the Internet without the average consumer even having an idea that they have just 'bugged' their own home. If products have warnings about kids suffocating on the wrapper, why don't these IOT gadgets have warnings like: Caution Do not point camera at potentially embarrassing situations or rely on it to perform alarm services when most needed ? As a bonus there is an Internet inserted 10 second delay using it as a simple video doorbell.

    1. Re:Unencrypted Video foolishness by Kierthos · · Score: 1

      It should be assumed that any voice activated "Internet of Things" device is recorded your commands/queries/whatever for transmission back to the company that sells the device. These days, there's no way any company is going to pass up the opportunity to accumulate big data on their customers.

      --
      Mr. Hu is not a ninja.
  17. Other way around please by Anonymous Coward · · Score: 2, Insightful

    Why not give everyone a key to the Amazon warehouse. I'm sure if Amazon has good enough security and tracking, it's users can be trusted.

    Amazon wants me to trust them, why doesn't Amazon trust me?

    Why can't Amazon ship me stuff while awaiting payment, why don't they take cheques? promissory notes? trades?

  18. Re:OT: Mozilla Foundation should cease to exist by omnichad · · Score: 1

    Go ahead and install an older version and disable updates. Then fork it and backport security fixes and feature updates yourself. Complaining isn't going to solve anything.

  19. Just unplug it by JDShewey · · Score: 2

    I don't see how this is different than the delivery man simply reaching over and unplugging the Camera's data or power cable. Not sure how Amazon is going to patch that...

  20. they did something like this in the movie speed by Joe_Dragon · · Score: 1

    they did something like this in the movie speed.

  21. criminal liability by Joe_Dragon · · Score: 1

    criminal liability is still an issue that no EULA can't take away.

  22. Who would sign up for that anyway? by Robert+Goatse · · Score: 1

    Full disclosure: I'm a big Amazon fan and love my Prime subscription.

    Who, honestly, would think it's a good idea to let delivery drivers INTO YOUR HOUSE? In what Mayberry-like universe is this a good idea? I'm perfectly fine with UPS or whoever leaving the package at the side garage or at the front door. In no shape or form do I want or need a driver depositing the package in my foyer. I get all of the IoT madness but this is extremely over the top and doesn't come remotely close to a good idea.

  23. could be brute forced also by roc97007 · · Score: 1

    The wifi signal could be swamped out by a strong enough transmitter, also. Wifi security cameras are convenient and easy to set up (I have a couple) but may not be appropriate for the most sensitive locations. My doorway cam is hard wired to a computer in the garage. To foil a physical brute force attack (break into the house and steal the surveillance computer) the computer emails me and puts the clip on dropbox when the motion sensor trips. Even that isn't a perfect solution, but at some point you have to say "good enough".

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
  24. Human Flaw Could Let Rogue Deliverymen Kill You by Anonymous Coward · · Score: 0

    June 14th, UPS center in San Francisco.

  25. Be careful of this one by Anonymous Coward · · Score: 0

    Window flaw can allow hacker to break glass and open window

  26. Never invade the inner sanctum by Anonymous Coward · · Score: 0

    > or otherwise invade their inner sanctum.

    Oh no, don't do that! When you invade the inner sanctum, all sorts of weird stuff starts happening. Dead people turn up, people hallucinate, they get framed for murder, they get caught up in all sorts of strange plot twists. And all the photos sitting on the mantle start to look like Lon Chaney.

    Do not invade the inner sanctum!

  27. Rogue Deliveryman, WTF? by Thud457 · · Score: 1

    Deliveryman doesn't seem like a legal subclass of Rogue.
    Actually, I don't see a good fit, let's call them Rangers.

    But back to our original discussion, what class do we put bicycle repairman under?

    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff

  28. "Security Researchers" by SCVonSteroids · · Score: 1

    So they've done their job. Amazon should fix it. The researchers should continue to do their job. Amazon should keep fixing what they find.

    Isn't that the whole point? No software is perfect, even through rigorous QA, shit gets through. Sure, it's broken, people can exploit it. So Amazon should fix it.
    You need a criminal who's smart enough and desperate enough to try and pull this off. If you're seriously worried about this, add your own camera and DON'T connect it to the internet. Your paranoia has just been solved.

    It's technology. People are going to break it. Fuck. Cmon people, it's 2017.

    --
    I tend to rant.
  29. Bad solution by JustAnotherOldGuy · · Score: 1

    This whole "let some random guy into your home" thing is just a terrible idea.

    If Amazon would let people put a sturdy locker on their property that could (theoretically) only be opened by a driver making deliveries, I'd be much more inclined to go with something like that as a solution. Fasten it securely to something and the worst that could happen is the locker itself is stolen.

    But letting some rando into my home to drop shit off is NEVER EVER going to happen, period. NE-VER.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  30. Re:OT: Mozilla Foundation should cease to exist by LostMyBeaver · · Score: 1

    You isn't that smart... is you?

    So you're someone who is able to install an extension or add-on but not smart enough to switch to an earlier browser?

    NoScript is out of date and provides a false sense of security. Though I understand the way it works is really quite nice for people surfing unusual pornographic sites with click bait everywhere. So I can understand why you might be intrigued by such a program.

    Writing a web extension like NoScript is quite simple. If it's so important to you, then maybe I can recommend writing a replacement.

    As for security.... if you understood computer security and web technologies, you'd understand why the removal of legacy extension support is so important.

    Honestly, you need an extension that prevents the user from posting on forums.

    BTW while I have close friends that feed their families from the Mozilla foundation and used to work with them daily on similar projects, I have no association the foundation. I love what they do and I think one day I may even consider trying their browser again.

  31. Automatic caged paths by LostMyBeaver · · Score: 1

    the solution to this problem is an add-on to the Amazon Echo that makes it so that when the delivery guy unlocks the door, then steal bar cages immediately create a secured path between the door and the kitchen table and refrigerator. I would recommend a few altered Sony Aibos with teeth to follow and guard the criminal closely.