CyberWisdom Safe Harbor Commentary on key service vulnerability patch
SC media reveals Amazon will release a security patch for its “critical” service in the upcoming update, and a researcher posted a video demo claiming they are using Raspberry Pi to attack Amazon devices.
Researcher MG, who placed a device called “Break & Enter dropbox” near Amazon devices without any configuration or network access and claimed to have carried out an attack that allowed them to take delivery of a fake Entering a door simulates a delivery but does not ensure that the door is locked before leaving.
It is unclear which methods are used or which ones are exploited. MG also said he will not release all the technical details of the attack until Amazon releases a patch, telling Forbes to interfere with the Wi-Fi connection used by the Key system instead of Amazon software.
Key service vulnerability
An Amazon spokesman told SC Media that the key service vulnerability in the video indicates a problem with the Wi-Fi protocol. Instead of Amazon software, it’s important to note that this is a mock attack wherein real-life scenarios the device’s security settings have informed Amazon that the door is unlocked. The spokesman added that a real delivery driver would be trained to ensure that the door was locked before leaving the site.
This update addresses the unlikely scenario described as a user opening the door, a deauthorization occurs, and then the user cannot enter or leave after a predetermined number of seconds trigger the deauthorization.
Amazon is issuing a security patch for its Key services shortly after a researchers posted a video demonstration of them claiming to hack the Amazon device. Engaging post, Read More…
thumbnail courtesy of scmagazine.com
If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post »