United States

Amazon Key Security Flaw Could Leave Homes Vulnerable to Thieves

Amazon told NBC News that "safety and security are built into every aspect of the service"

Amazon Key, a new service from Amazon, allows a delivery person to unlock your door and deliver a package inside your house.

But "Today" national investigative correspondent Jeff Rossen demonstrated with the help of a cybersecurity expert a loophole in the system that can allow someone full access to your home without you knowing.

With the permission of a homeowner named Rachelle, who watched remotely using her Amazon Key app, Ben Caudill, founder of Rhino Security Labs, was able to disable the homeowner's Wi-Fi and freeze the camera feed.

Amazon has issued a software update, saying customers would be notified more quickly if their camera goes offline.

In this case, Rachelle received a notification in less than a minute that her camera was unavailable — but no clear indication that it had been hacked, or that someone was in her home.

Amazon told NBC News that "safety and security are built into every aspect of the service" that this poses little risk to customers, and the issue is with most Wi-Fi systems themselves, not with Amazon's software.

UPDATE: After this story was published by TODAY, Amazon said during a delivery scenario, it “will get alerts within seconds of a camera interruption, immediately know who the driver is and when and where the incident happened.” At that point, Amazon will notify the customer and initiate an investigation. They say the customer also gets a notification on the app within seconds “if more than two seconds of live view has been interrupted during a delivery.” These safeguards only function during a delivery when using the Amazon driver’s app, not when using the customer app as in the demonstration.

Contact Us