Knock, knock. Who’s there? Another Amazon Key door-lock hack
The researcher, who's identifying himself only as MG, claimed over the weekend to have found a way to break Amazon Key using a Raspberry Pi equipped with a battery pack and wireless dongle. In a video, he showed himself as a mock hacker, planting the Pi in a hidden location on a doorstep. A fake delivery man then turns up with a package, opens the door using his Amazon Key app and delivers the parcel, before apparently locking the door and leaving. It is, of course, not locked. And the sound of the lock closing is just a fake audio file. When the hacker returns, he's able to just walk right in.
MG won't be releasing the full technical details of the hack until the Key app is patched, though Amazon told Forbes it involved disrupting Wi-Fi connections used by the Key system, not Amazon software. Though MG's video showed an attack involving a driver, it's equally possible his trick could dupe those who use Amazon's lock for everyday use, or permit friends and family to enter with the app. Indeed, MG told Forbes this was a more concerning aspect of his disclosure.
Amazon, in a statement, has downplayed the attack, saying its systems should be able to detect if a door is left unlocked for too long, and that delivery staff should check the front door is locked before leaving.