Amazon Key
(Feb 4, 2018) Initial video:
I call this the "Break & Enter dropbox" and it pairs well with my Amazon Key (smartlock & smartcam combo).
— MG (@_MG_) February 4, 2018
It's all current software. Amazon downplayed the last attack on this product because it needed an evil delivery driver to execute. This doesn't. pic.twitter.com/35krz46Kab
(Feb 6, 2018) Post-video Writeup:
https://medium.com/@_MG_/amazon-key-burglary-as-a-service-b296820a20d0
(needs to be migrated away from medium)
Media coverage:
- https://www.theregister.co.uk/2018/02/05/amazon_key_hack/
- https://www.forbes.com/sites/thomasbrewster/2018/02/06/amazon-key-raspberry-pi-break-in/
- https://motherboard.vice.com/en_us/article/a34g3k/amazon-is-fixing-a-security-loophole-with-its-key-service
- https://www.tomsguide.com/us/amazon-key-dropbox-attack,news-26567.html
- https://www.zdnet.com/article/after-dismissing-security-flaw-amazon-patches-key-smart-lock-anyway/
- http://www.dailymail.co.uk/sciencetech/article-5365109/Expert-finds-Amazon-Key-flaw-leaves-homes-unlocked.html
- https://www.theregister.co.uk/2018/02/07/amazon_key_crack_revealed_before_fix/
- Hak5: https://www.youtube.com/watch?v=YFgKJ2liAUs&feature=youtu.be
(April 7, 2018) To be continued...?
Had a fun day at Amazon doing some consulting on product sec & vuln disclosure.
— MG (@_MG_) April 7, 2018
I'm hoping to have something to point at soon, but they seem to want to improve things for us researchers in meaningful ways. Big players can move the industry, so I really want to see this. pic.twitter.com/wAwERTFo9L