Hey landlords! Try the new Amazon Deadbeat-B-Gone™ service! $19.99/month!

Never have to worry about being a lead in Pacific Heights again!

A friend of mine who lives in New York actually has an apartment where all building an unit access uses an RFID enabled lock system with an app on the phone. It’s very easy for the owner to lock someone out and the system went out twice and they couldn’t get in. She doesn’t even get a physical key for a back up.

Read the lease carefully. Two years ago some tenants in NYC won a lawsuit against their landlord for not giving them keys.[1]

Anyway, I assume Amazon is already considering what GP proposed. They have a program called Alexa for Residential[2] marketed to property managers who want to put IoT things in apartments.

[1] https://www.cnet.com/news/tenants-win-rights-to-physical-key...

[2] https://www.gizmodo.com.au/2020/09/amazons-alexa-for-landlor...

"Alexa, evict the peasant in apartment 6B."

"Alexa, have you got a 27B/6?"

David Thorne?

Thanks! Forgotten about that (I see that Jonathan Pryce is young, so my lapse is to be forgiven).

This was what I meant: http://www.27bslash6.com

He's well worth the read.

Video not available, in the UK at least. Although I think I know the scene you mean.

Our fucking community pool has an app to unlock the gate. Why do I need to install your app to open a gate?

I refused to install it and demanded a keycard. People look at me like I’m a freak when I open the door with it.

You should intercept the API calls it uses!

Honest question. How do you intercept and retrieve an API that communicates within an app?

Assuming it does not use TLS cert pinning, you can use mitmproxy [0].

[0] https://mitmproxy.org/

If it's on WiFi, any old packet sniffer on the network should do the job. If it's on cellular, you'll need to have access to police equipment.

Cellular data? just connect your phone to your own VPN (like a RaspPi) and sniff there

A packet sniffer on the network will not help with tls encrypted endpoints.

The charles proxy with custom ssl certificates may help if the certificate is not pinned in the app.

I'm going to bet a beer it's not encrypted at all. Too much hassle, so plenty of hardware vendors don't bother.

With everyone putting their services behind cliudflare or aws loadbalancer you very seldom see a http endpoint nowadays.

HTTPS MITM + Wireshark If it even uses HTTPS lol

Wireshark is popular for this

Sinister? I’m not sure I understand. The doorbell doesn’t stop one from entering their home when Amazon servers are down. It also doesn’t stop people from knocking on the door.

You're missing the Forrest for the tree. What about smart door locks, smart boilers, smart heaters, smart AC thermostats. smart bathrooms, smart fire alarms..?

Or the vacuum that starts up exactly 39 minutes after you fall asleep each night.