Oops
This was a face-plant from the git-go.
Amazon has pushed out an emergency security update to its door-unlocking system called Key – which is used by couriers to let themselves into people's homes to drop off packages inside when folks are out. Delivery workers show up at a home, and use a smartphone to temporarily disable the lock on the front door so they can pop …
Really? Letting someone you don't know into your locked home where they could nick anything and everything they wanted of yours is less risky than having them leave a few books or dvds outside where those few books or dvds could be stolen?
Yet another idea revealed in a flurry of excitable hype before anybody has properly thought about it (or more likely doesn't want to risk the potential career damage of going against the groupthink that will be rife in this part of the company's "ideas factory" or whatever terrible name they've given it).
The idea is that letting the driver in your house (under strict observation!) is less risky than leaving the goods on the stoop all day.
Is it though? I live fairly rurally and still have an Amazon Locker nearby we can use. Also when the package won't fit in the locker they leave it round the back of the house, rather than wanting access to my house.
Or the alternate option we use - the cat flap.
Works fine for almost everything we order (presuming Amazon don't get up to their old tricks of using a stupidly sized box compared to the size of the content), and has the added advantage of allowing the master of the house free access to bring his latest prey in to munch on in some hidden corner somewhere.
In any case most of the deliveries need to be signed for anyway, which no amount of gadgetry can overcome, at least until they start supplying auto-pen options as well.
"The idea is that letting the driver in your house (under strict observation!) is less risky than leaving the goods on the stoop all day."
If you deliver a parcel and I'm not there to accept it, then it's still your responsibility. If you have no proof I accepted it, then tough, you made the decision to step on my property and leave an item there, it's your fault if it gets stolen.
I may moan about the local Post Office and their daft 24 hour collection rule but I'd rather they took the parcel into their safe keeping as they usually do than leave it laying about like some of these crap couriers do. I once ordered a sweatshirt for my daughter, it never arrived. The courier said they'd dropped it off and it had been signed for. 2 days to get a copy of the signature and it was nothing like my wife's or mine. 3 days later the parcel was found 4 doors up in the neighbour's recycling bin!!! A round of applause for Yodel, the world's worst courier service! How the hell they stay in business I'll never know, I have yet to have a delivery from them that arrived correctly or on time.
The funny thing is, I moved to a small city in southern Utah 7 years ago, and petty crime seems not to happen here at all. It's the LDS influence I guess. The FedEx guy just dumps stuff against our front door and leaves. He does that to everybody! And no one complains because stuff just stays where it's put.
It's uncanny, but I like it! :)
If that's the idea, it's a plainly idiotic one that ignores a fundamental aspect of risk assessment -- what is at risk?
Leaving a package on my doorstep risks the package being stolen, but my loss is limited to the value of the package. Allowing strangers to unlock my door risks everything inside my house. Maybe the likelihood of the latter is a fraction of the likelihood of the former, but the amount of loss if it happens is much, much higher.
The "strict observation" and "vetted delivery people" doesn't really impact that equation much.
What if I am an Amazon approved courier. And what if I have a friend who is a thief. I deliver the package but conveniently leave the door slightly ajar so that it does not lock. Some time later, my friend comes by with gloves and a mask on and robs the place while I continue to deliver packages. My face will be on another camera at another location so you know I wasn't there. And how can you prove that I made an honest mistake?
Or what if I have a friend and we work in tandem. My friend finds the cable and phone lines on the side of the house. We time it out so that I deliver the package and begin to walk out the door. But my friend disconnects the cable and phone lines so that the internet dies, whether it is DSL or cable. Then we rob the place. As we leave, we break a window from the outside so that it looks like a neighborhood robbery and reconnect the internet. How can you prove it wasn't just a random outage or glitch in the equipment?
Trusting people to be honest is about as smart as trusting Apple, Microsoft, Facebook, Google, et al with your privacy. Yet millions upon millions of people are naive and do so. Letting people in your house to deliver a package is a bad bad idea. Far better to leave it an approved drop center where you can pick it up.
> What if I am an Amazon approved courier. And what if I have a friend who is a thief. I deliver the package but conveniently leave the door slightly ajar so that it does not lock. Some time later, my friend comes by with gloves and a mask on and robs the place while I continue to deliver packages. My face will be on another camera at another location so you know I wasn't there. And how can you prove that I made an honest mistake?
Statistics. You would get away with it once. The second and subsequent times it would be rather obvious that the robberies were following you and you would have some explaining to do. If they stopped once the authorities had made their suspicions known to you, you would have more explaining to do. That's if you still had a job with Amazon, of course.
"You would get away with it once. The second and subsequent times it would be rather obvious that the [missing items] were following you and you would have some explaining to do.[...] That's if you still had a job [delivering parcels], of course."
Yodel (and companies offering a similar customer experience: Hermes, and DPD Local (formerly Interlink Express), and ...) still exist, don't they?
Is any more evidence needed to prove that your theory doesn't match the real world?
If sellers who use these delivery companies made it obvious up front who would be responsible for delivering the goods, then customers would be able to make *informed* decisions on where to buy, and many might choose to shop elsewhere and/or pay a little more for a reliable delivery.
That way, underperforming delivery companies would fail, if they didn't improve.
Isn't that the way competitive markets are alleged to work?
All you need to do, as a delivery driver, is call your thief friend after you leave and say "Number 22 Acacia Avenue - lots of nice stuff, camera is on the shelf in the hallway on the left, nobody is home".
Said thief can then break into the house (which is generally not that difficult) and be sure of nobody being there, and would know where the camera is to avoid it/break it.
"What if I am an Amazon approved courier. And what if I have a friend who is a thief. I deliver the package but conveniently leave the door slightly ajar so that it does not lock."
As the article makes very clear, since it's important to how this vulnerability works, locking the door is part of the process. If you leave the door open, Amazon know that you have done so. As will the camera which won't stop running until the door is locked. There are all kinds of legitimate reasons to criticise this kind of system, there's no need to invent imaginary ones that are shown to be impossible by simply reading the actual article.
"As we leave, we break a window from the outside so that it looks like a neighborhood robbery and reconnect the internet. How can you prove it wasn't just a random outage or glitch in the equipment?"
Or, here's a crazy thought, you could just smash the window and rob the place without worrying about being an Amazon delivery driver. Actually carrying out a regular burglary is not an effective way to disguise your burglary.
Allowing strangers to enter your home when you aren't there, with just some third rate, built down to a price tech equipment to make sure all is well?
Someone seriously thought it would end well?
You have to give Amazon 10/10 for trying everything to actually make a profit, but 0/10 for reality awareness.
Why not have a locked "Amazon box" that they can open and drop stuff into? That way they can't get into your house, and unless you are having something huge delivered it works just as well without the security risk of letting a stranger into your home?
Such a stupid idea, I can't believe any mouth breathers are dumb enough to sign up for this! No doubt there will be far worse exploits in the future, which will make Amazon deservedly look stupid.
I've had the same idea, if I can ever get around to making one: large box on the front porch that will lock when closed. Currently drivers for the delivery services are just leaving parcels out front, generally without even ringing the door bell. Buying online and having things delivered is only going to increase and demands an answer to this issue.
Erm, don't know about the English-speaking world, but here in the Fatherland, DHL already have stuff like that:
https://www.dhl.de/en/privatkunden/pakete-empfangen.html
(the page is in English, don't worry)
I've used their free Packstation service for about 10 years, maybe longer. Any online retailer worth their salt can accept Packstation addresses. Amazon were one of the first to offer it. In fact, I think I first found out about this on Amazon.
There are Amazon specific boxes inside a few large shops near me, so accessible most of the day (and 24/7 in some supermarkets that do not close bar the quirky Sunday hour limits).
Plus smaller places e.g. newsagents that allow Amazon drop off/ pickup with goods held in the shop and you deal with shop staff to pick them up.
When I had my iPhone X delivered a couple weeks ago it was signature required but I wasn't going to be home part of the day. I went on UPS' site and had the delivery changed to a UPS store a few miles away (pretty sure Fedex offers the same service). Just walked in, showed an ID, and was handed the package. Probably be a good idea regardless since even if signatures weren't required having so many small, similar and known to be worth $1000 packages left lying around would be a banner day for porch thieves!
No reason you can't do the same for Amazon packages that are valuable stuff. Most of the time what I'm getting from them is under $50, so if someone ever stole a package off my front porch I'm not going to be unduly bothered. If I had a TV shipped to me or something else that's both valuable and by the form factor of the box screams "here is something you want to steal" to thieves driving by, I'd either make sure I was home for the delivery or have it redirected somewhere I could pick it up.
Way better than letting some rando into my house!
Yep - a parcel safe works for me. Postie bungs item in box, locks it. Seem not to be easily available any more.
I remember a lot of people said to me "Don't see the point. What if you get two parcels, and the second person can't get into your parcel safe?" I never could persuade them that 95% of my parcels being delivered rather than taken back to the sorting office was significantly better than zero.
Our main problem with the parcel safe seems to be that our local couriers cannot see a three foot by two foot green metal box on the wall right beside the front door.
If I am not going to be in, I have the courier deliver it to the off-licence down the road or in the next town to where I am travelling.
That way I can be sure of the security, get a bottle of something nice with a cork in the top and, lastly, give the licencee some trade.
I wonder how insurance companies view claims made by people who deliberately chose to allow strangers into their homes. I haven't read my homeowner's policy in awhile, but I bet my insurer would try to find a way to deny a claim based on some clause in there they feel covers this. Negligence of some sort, I'd wager.
Not that there's any fucking way I'd put such a lock on my house in the first place.
So Amazon assumes it is just delivery drivers who would re-enter? What about someone who waits at a local delivery center, looks for the big package, follows the driver to their destination, waits for them to exit, and then starts the camera jamming process?
Nice try, Amazon, but your spin is weak.
Exactly my thoughts as I read those bits in the article. Pick a delivery driver, any delivery driver, and while the miscreant might have a wasted day hoping he'll reach a household with this idiotic device installed, if he does get led to one it could make it all worthwhile.
Also, from the article:
"One potential fix would be for the CloudCam to include extra storage, and cache video locally for some period of time after it is knocked offline. That would then capture footage of any attempted reentry.
But that approach is not only imperfect – a potential thief could keep the camera offline until the cache was full"
Yeah... or he could just nick the camera in order to dispose of the evidence.
The theft would require cooperation (either voluntary or through ignorance) from the delivery driver. An honest driver would stick around outside the door because the app wouldn't let him mark the job done until the Amazon cloud receives the "locked" signal from the camera.
The average driver would probably already be out of sight and on the way again, frantically clicking the lock button until the thief releases the camera and the door locks again. He'd still be on the hook for not properly locking the door, though.
"What I would suggest to Amazon is to incorporate local storage to cache video, and log lock activity, until the [Wi-Fi] signal is restored. It's not a perfect fix – a bad guy can just continue DoS'ing until the storage fills up or cycles through – but it would increase the complexity to exploitation significantly."
Why wouldn't the thief just take the obvious looking camera with them? I mean if you are set up to jam the wireless, you would be expecting to see a camera mounted somewhere pointing at the door, right?
These "security researchers" make a suggestion like this, but really didn't think it through, did they? I hope they aren't going to be doing our next security audit!!!
Wait! Are you suggesting the easiest way to deter thieves is simply to put things up high where they can't reach them?
You'll also have to put stepladders and chairs and such high up where they're out of reach. And sturdy boxes. Crates. And cupboards that might be moved. Which you'll then need a stepladder for to get things in or out of. And as the stepladder is stored out of reach you'll have to get a new one (from Amazon?) which you afterwards need to store out of reach again. I see this being a recursive problem without an, eh, bottoming-out condition, and you'll sooner or later reach the Stepladder Event Horizon.
One positive aspect is that it will cause a surge in membership of the Society for Putting Things on top of Other Things.
"the fuse box was next to the entrance"
I would say in 95% of properties it's under the stairs. Unless of course you can't afford a house and live in a flat or bungalow. And even then it's almost always inside the property. It would be pretty stupid to have it outside where anyone could turn it off - and say disable a standard burglar alarm...
"I would say in 95% of properties [the electric meter] is under the stairs. "
Where and when did you conduct your survey?
Pretty much every reasonably recent (or recently modernised) property I have lived in or visited in the UK in the last 20+ years has an externally accessible meter cupboard, which is freely accessible with a cheap plastic key. In that way the electricity supply can be readily disabled.
"disable a standard burglar alarm..."
Any fool knows that a sensible burglar alarm will have a backup battery so that it continues to operate even if the incoming mains takes a break. In the days when an external siren/bell was any use, they often used to have a battery in the sounder so it made lots of noise if the connection between sounder and control unit was severed.
Try again, troll.
"has an externally accessible meter cupboard, which is freely accessible with a cheap plastic key. In that way the electricity supply can be readily disabled."
Which everywhere I ever lived contains only the meter and no way of isolating the power without cutting cables. Fuse boards and breakers are almost always inside.
"Which everywhere I ever lived contains only the meter and no way of isolating the power without cutting cables. Fuse boards and breakers are almost always inside."
Where you live maybe. Much of the rest of the world there has to be a safe way for emergency services to disable the power in an emergency. Bit of a bugger to be trying to resuscitate an electrocution victim and have to ask them where the fuse box is coz the neighbour who called the ambulance doesn't know.
Every house I've lived in (a dozen or so), every house of family or friends (a few dozen), and every house I've worked in (a few hundred) has had a meter box on the outside with a power switch.
"Any fool knows that a sensible burglar alarm will have a backup battery so that it continues to operate even if the incoming mains takes a break."
And anyone who actually knows what they are talking about will tell you that the average system has a 2Ah battery and that PIRs draw maybe 30mA each. So in an average house with 4 PIRs the system will be dead in less than a day after you pull the power! Not exactly hard to take advantage of!
"Any fool knows that a sensible burglar alarm will have a backup battery so that it continues to operate even if the incoming mains takes a break." "And anyone who actually knows what they are talking about will tell you that the average system has a 2Ah battery and that PIRs draw maybe 30mA each. So in an average house with 4 PIRs the system will be dead in less than a day after you pull the power! Not exactly hard to take advantage of!"
Got a tiny one from a mate's alarm next to me (paper weight now). It's the smallest SLA I've seen and it's a mere 4.5Ah battery. Most alarm batteries I've seen are closer to double the physical size, but I'd have to go digging for an old one (still part of a security system, in a box on a high shelf that looks "interesting" but, well, know what you're doing when you pull it down....) to know what the rating was.
The 4.5Ah battery at several years old kept the alarm system functional for 12 hours last year - the panel was lit and beeping every few minutes just before the power was restored after the Kaikoura earthquake (power was out for not quite 13 hours in our area). That said, some 6 months later it was completely stuffed.
It's rare for power cuts to last that long, and in most households someone would be home inside a 12hr period most days. But if the battery had to power a few cameras as well, and keep them online, then even an 8Ah one would struggle to keep up more than a few hours.
"And anyone who actually knows what they are talking about will tell you that the average system has a 2Ah battery"
It's you who doesn't know what they are talking about; the most common SLA battery used for burglar/fire alarms is 7Ah. So you're looking at several days before the battery is exhausted, and usually they'll signal in some way that the battery is running low.
I have a couple DLink cameras that instantly freeze as soon as any motion happens in front of them. These Amazon cameras seem about as reliable.
This was a dumb idea from the start. How many people have security systems in place which would prevent this from working? Or pets that could potentially get out of the house if the courier isn't paying attention. Lots more things can happen too.
I like the other poster's idea of just having a self-locking box outside the door for any packages. Drop them in, close the lid and it's locked.
I'll give Amazon one bit of credit - this "deliver packages inside your front door" concept is less stupid than a recent Walmart trial-balloon of "deliver groceries to your kitchen refrigerator", with the same sort of delivery-unlocking feature. While everyone is noting the problem in the Amazon system due to underlying wifi weakness, at least when it works correctly it does not feature an unknown person actually walking through your house to get to the kitchen. The mind boggles.
How about giving the courier a one-time code, that way the above method won't work. Besides, if losing communication with the 'cloud' prevents the door from being locked, what's stopping the perp from placing a jammer near the door and waiting for the occupant to exit the building? You could place a webcam on a nearby tree and watch from a block away in your car.
I already have an outside box for UPS, FedEx, and postal service deliveries. It's not locked, because, well, location, location, location... and good neighbours.
One of the things about consumer-indoctrinated culture is, I guess, that we are conditioned to expect increasing convenience. Me mum did the whole knead-rise-punchdown-rise-bake thing to get lovely home-baked bread; I pop it in a bread machine. Coffee machine on a timer to brew as I awaken. Used to record on tape, take pictures on film -- digital is so much easier (with the caveat about colour depth and resolution on film).
Damned if I'll connect any of it to the cloud, though.
Nor will I connect my locks. Or lox. (Mmmm, salmon.) Amazon deliveries will have to trudge through wet leaves, pop the box in the blue plastic bin on my porch, and trudge away. And mind the squirrels, mate, they bite.
On a separate note: splell chex on this window appears to flag non-Brit splellings: neighbor is flagged, neighbour is not. Color and colour likewise. Is this new? Has El Reg gone all King George III on us poor cross-pondians?
"On a separate note: splell chex on this window appears to flag non-Brit splellings: neighbor is flagged, neighbour is not. Color and colour likewise. Is this new? Has El Reg gone all King George III on us poor cross-pondians?"
I would imagine your browser is doing the spell checking - so if you are in Overpuddle and it's flagging up spellings that are right for you, and wrong for us, that suggests the browser's language is set up wrongly.
Or as an afterthought, what with a significant new version of Firefox having been released very recently, is it possible the developers have tried to be super clever (and in so doing, possibly given themselves need of a facepalm) and are trying to base the language on the site/TLD?
Ah, of course. New Firefox. Half a mo', checking with Chromium... Right, then. Colour is flagged in Chromium, color is not. How odd! Quick peek at FF preferences reveals English US as language, etc. So it might be site-specific?
(Of course it's the browser, as usual I was not thinking straight.) Rather charming behaviour/behavior, I think I like it. Have a beer, share it with a Mozilla dev...
"Me mum did the whole knead-rise-punchdown-rise-bake thing to get lovely home-baked bread; I pop it in a bread machine."
A bread machine is what got me into baking bread. Mine broke, and I realized that the bread machine was actually saving me almost no time and effort whatsoever -- it only takes a few minutes to mix up a batch of dough, and the rest of the time spent is just waiting. So I started doing it all by hand, and still do. It takes me about 10 minutes longer to do it this way as opposed to the machine.
Bonus: the bread machine produces better bread than store-bought, but still not as good as hand-mixed. The amount of water you need for good bread varies according to environmental conditions and the particular batch of flour you're using, so for best results you need to actually feel the dough and adjust accordingly.
Courier drivers have to deliver, for example, 147 packages in 8 hours. After driving to your address, they've then got about 12 seconds to dump the package and get back on the road to deliver the next package.
If they're going to be wasting time browsing through your wife's panties or committing other petty crimes during working hours, then they'll be fired that very evening. Because they failed to deliver 53 of those 147 packages on time.
So it won't happen a second time.
Still, valid point about System Design 101.
Courier drivers won't be doing it. As others already stated, their friends (or complete strangers) will.
Wait till the courier unlocks the door, then you jam the house's toys (courier won't notice, how could he), then you wait till the courier leaves and you do your thing. Take your time.
Amazon would need to set up an obligation for couriers to check if the door is well closed, that's the only valid solution, but it's still an imperfect one, because what will those couriers do if the door refuses to lock? What if they forget or are distracted by someone? I wouldn't bet my valuables on this (but then again I would never put my door locks "in the cloud" to start with).
If the Amazon door key requires power, internet and an app, to let you, or anyone else, open it from the inside, then I'd classify it as a death trap. It's bad enough that some insurance companies in some countries require deadlocks to be installed, but at least with deadlocks, you can leave a key in them when inside.
"Why doesn't the device automatically lock the door if it loses network connectivity?"
It could - but if the door is still open or only partly closed (when the "lock" command is issued) then unless you have a motorised door closer, then the part of the lock (in the door frame) that allows the door to open, will try to "lock" a door that isn't in the right position...
So, the door is now permanently unlocked, allowing anyone to enter, but the "sensor" in the door lock says it's locked.
I think more people would be better off using the AmazonLocker facility...or if you are in an apartment block or even in combination with some neighbours, one could get a "secure box", into which delivery drivers can "post" items, but cannot then remove any other items inside.
If a sig is required then a code could be written on the box (that is changed each day) that the driver can record and then courier firm and addressee can be sure the item has been taken to the delivery address.
Yet the converging juggernauts of online shopping replacing 'high street', and impending decrepitude, mean some kind of solution should be found.
The idea I currently favour is having a security antechamber, with the external door using a programmable keypad, and the interior door somewhat similar to a bank vault. Furnish with secure containers including insulated ones for groceries, salt liberally with cameras, add electrified floors/rotating blades/spiked pits as taste and architecture allow, and relax.
Being an engineering solution it would cost real money, as opposed to the few hundred bucks amazon would be flogging their lock/camera/software (guessing, not going to look).
There will probably be a market for ugly cages people can bolt onto their front doors to achieve this effect.
"Yet the converging juggernauts of online shopping replacing 'high street', and impending decrepitude, mean some kind of solution should be found."
It'll probably be self-solving anyway. More people buying online means less spend at bricks&mortar. Less spend at bricks&mortar means stores close, jobs are lost. More jobs are lost, less people have to spend elsewhere. Less spent elsewhere means even more jobs are lost.
More jobs are lost, more people are at home. More people at home, less need for systems like this since no one will be able to afford to leave home anyway.
So you're telling me that people have remote controlled locks on their doors and are allowing 3rd party access?
That's it, the world has finally gone insane. I'm going to strip naked, run into the woods (conveniently located just outside my home mind you!) and will live out my life as a hermit!
The movie Idiocracy is becoming a documentary, people really are getting dumber by the day.
I imagine that anyone from outside the building can flood the Wi-Fi frequencies to stop communication. We have wireless microphone systems and when they're switched on, no Wi-Fi devices can communicate on the 2.4GHz band. So I don't believe that blame can always be laid at the driver's door.
Assuming building also has some "normal" key operated entry points.
When delivering item, if (stupid but it happens) customer has left keys around (or obvious key locker on wall) to other doors and has no internal CCTV, a bit of plasticine will grab you key imprints, a quick photo of alarm system to record the brand (maybe use UV to spot most used keys).
These can be passed to burglar mates to create keys and break in, weeks / months later at a time when you have alibi of being elsewhere (assuming your mates know how to defeat the alarm, or they will gamble on key combo based on UV data)
If you allow a random to access a building unsupervised, don't be surprised if something "odd" happens a while later (where "a while" is sufficiently later to make it seem unrelated to that event)
The only thing more surprising than that it could be that easy to disrupt the webcam like this, is that people are daft enough to actually have it installed in their homes right now!
They might as well leave the key in the door with a note saying "Hey courier, please let yourself in. But don't take anything! That's not nice!"
The 'key' thing to take away from this article is not that this happened. It was inevitable. Not that they are patching. Nor that it's a bad idea. We knew all that. It was always going to happen.
The key thing here is that this implies they actually *sold* some of these things.
Lunatics.
Why would anyone in their right mind allow any third party to remotely open their front door?
Because you trust an internet giant? Because you trust their security to guarantee their system is never hacked? That some wiseacre won't unlock 5,000 front doors in West London for the hell of it (or because he's got 50 very busy friends with large vans)?
I'd point out that pretty much all the risk is borne by the consumer, and for what? So that Amazon saves a few pence per item in delivery time?
The privacy and security that people are prepared to give away in the name of trifling, often illusory convenience leaves me dumbstruck.
People say we live in the Age of Stupid, mostly a phrase that's come into relevance since the US presidential election. But I wonder if it's more accurate to call it the Age of the Lemming.
The web giant has also stressed that all drivers undergo a background check, that carrying out the exploit would require a decent level of technical knowledge, and a time stamp is kept of all openings and closings, so it is not an easy job.
Amazon does not have to worry about their drivers having the technical knowledge to exploit this attack. I live in an area with no cell service. Amazon drivers take six days to deliver a two day Prime delivery because their device cannot provide them with a map. When they finally show up they get really confused because the device has no cell service and won't let them release the package. When I explained the nearest cell service is 10 miles away, they walked in a circle and waved the device in the air trying to pick up service.
I ended up firing them. Every time Amazon was the shipper I called and canceled the order. Finally after the third time of canceling the order and talking to Amazon Logistics (just ask to be transferred), they "de-prioritized" Amazon as the shipper for my address.
Software and computer product 'engineers' need to understand the principle of failsafe, like proper engineers do.
Over the years many of us have criticised the shoddy way many programmers work, and how they write code in a way that bugs can be catastrophic. (Everyone makes mistakes, but code shouldn't be written impersonating a house of cards)
Many of you will recall some of those "funny jokes" going around years ago, saying "what if microsoft made cars.... Your brakes failed? Have you tried stopping and restarting your car?"
Many of us despaired at programming quality, but could at least have a laugh about it.
Well now with more computer controls in cars, internet-of-shite on our toasters/lightbulbs/webcams/locks, this same development mentality is hitting the real world.
Many of the designs of the hardware 'IT' in these devices are dictated by the software rather than the other way around, and we're now seeing the sort of cockups time and time again when people try to use this "have you tried switching it on and off?" software design mentality in the design of these 'IOT' devices.
These people need to start thinking like real engineers, starting with learning the term FAILSAFE. It isn't actually a PR term, its meaning in the engineering world is literal - if something fails, it fails into a safe position.
Overlooking the stupid idea in the first place, there is simply no excuse for a door locking process to fail like this. There should have been numerous safeguards and "failsafes".
And this is just one example amongst many. It isn't the first, and won't be the last.
What happened to 'porches' you know, having two doors separated by a couple of feet?
They were great as firstly you could get wet clothes off without going into the main building. But as the second door could also be locked that way the delivery driver only has access to the first door. They can just drop off the parcel in there and voila no security worries.
Shame lots of buildings don't have them anymore.
Ok, the tech side will probably take me a few days to grab everything I need from various howtos (assuming they exist and I can find them - fairly likely) and get installed, but aside from that not too bad.
So step 1 is to get the device to the house. Maybe place it there late one night, depending on the property may not be too hard. If I can pretend to have legitimate reason to be on the property (even the common "Does Albert still live here?") I can scope out places to hide a jamming device.
Step 2 is to start knocking their camera off at random times. Like tripping house or car alarms, this leads to the "alarm" being disabled or ignored.
Step 3 is to order something for that address via Amazon (maybe as a gift?) Would be really hard to fake my id, like a stolen credit card or a "Prezzy card" (prepay visa that can be bought with cash).
Step 4 is when the courier arrives, be waiting nearby, jam the system and slip in.
The one thing that could be a reasonable counter to this would be something with the app on the courier's phone that also alerts them if it cannot send the lock signal. But few app writers seem to go to that level of security. Not like it's Amazon's money if people get ripped off...