Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 5 MINUTES AGO.
You are here: Home / Network Security / Amazon Dash Button Hacked
Amazon Dash Button Hacked, Lets You Do More Than Buy Stuff
Amazon Dash Button Hacked, Lets You Do More Than Buy Stuff
By Jennifer LeClaire / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
AUGUST
18
2015
When Amazon debuted its Dash buttons earlier this year, the e-commerce world was all abuzz. Dash lets you order common household products at the push of physical buttons. But it didn’t take long for a hacker to find a way to use Dash buttons to do more than order products.

Amazon, for example, rolled out a Tide-branded Dash button you can adhere to your washing machine. When the detergent is almost gone, you just hit the button and a new bottle is automatically delivered to your doorstep.

Ted Benson, co-founder and CTO of spreadsheet tool Cloudstitch, hacked Amazon’s $5 Wi-Fi button to track baby data. Benson’s hack never started with malicious intent. He and his wife tried a few baby-tracker apps but they didn’t meet the changing needs of parents with a growing baby. He was looking for a simple button he could stick to the wall and push to record data about poops today and wake-ups tomorrow.

Multi-Purpose Dash

As it turned out, Amazon offered an “easy way” for Benson to write a program that sniffs his Wi-Fi network for evidence the button was pushed, then records the data point, he said.

“Dash buttons are turned off most of the time to preserve the battery inside. They only turn on when you push them,” Benson wrote in Medium.com. “And that means they have to re-connect to your Wi-Fi network every time they are pushed. That’s easy to detect.” He rigged his Dash button to send data to spreadsheet software.

“A lot of people made fun of Dash buttons when Amazon launched them on the day before April Fool’s Day,” Benson said. “But regardless of what you think about Dash as a consumer product, it’s an undeniably compelling prototype of what the Internet of Things is going to look like.”

Could This Get Malicious?

We turned to Tim Erlin, director of IT security and risk strategy for advanced threat protection firm Tripwire, to get his take on the hack. Erlin told us Benson hasn't actually altered the behavior of the Dash button.

“He's simply recording activity on his home network. While he may not be doing so for malicious purposes, others may be able to use that information in ways that are less laudable,” Erlin said. “Human beings are tool users and problem solvers, so it's no surprise that given a new set of tools, people will 'solve' problems in new ways."

Chris Conacher, security development manager at Tripwire, told us tech savvy consumer will always be looking at ways to “improve” Internet of Things (IoT) products even if these “improvements” void their warranties. This is a double-edged sword for IoT vendors, he said.

“Companies that want to restrict this behavior may be penalized by the market missing out on an opportunity to develop community tie ins to products even it was not the original intent,” Conacher said. “This market will be consumer-driven purchasing at its purest. In the meantime, consumers that want to 'improve' IoT devices should beware of the implications of these changes, especially those that affect purchasing capability, otherwise you may find a lot of diapers on your doorstep."

Tell Us What You Think
Comment:

Name:

Rob:
Posted: 2015-08-19 @ 4:30pm PT
What I would like to know is what the risk is of having to hand over your Wi-Fi password to Amazon in order to allow the Button to purchase the products that you have programmed into it? I just got three Buttons today, but haven't set any of them up yet because of this concern. What could they do with that information?

Like Us on FacebookFollow Us on Twitter
MORE IN NETWORK SECURITY

NETWORK SECURITY SPOTLIGHT
A security researcher has found that hundreds of different models of HP notebooks, tablets, and other devices include a keylogger that could track and record every keystroke a user makes.

CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.