Hackers Signal Security Risks of Parcel Pickup

Hackers Signal Security Risks of Parcel Pickup

  30 Apr 2021

parcel pickup

Overseas incidents highlight risks of using parcel pickup lockers: Internet Scambusters #959

Use of parcel pickup lockers and hubs is rocketing, thanks to security and safety worries.

But the pickup system itself is not without risks, as we report in this week’s issue.

We also have a new job scams warning amid a surge in postings of fake employment opportunities.

Let’s get started…


How Safe Are Parcel Pickup Lockers And Hubs?


Porch pirates, those rogues who steal packages from our doorsteps, and other security fears are prompting more and more people to use parcel pickup lockers and counter-based hubs.

Others choose to have their packages delivered away from home for convenience or privacy. And, more recently, lockers have become popular because they don’t involve human contact with deliverers, at a time when there are health concerns about a delivery driver on our doorsteps.

Remote lockers are a booming market that experts say is growing by around 20 percent each year, with providers relying more and more on advanced technology to make collection easier and, in theory, safer.

But just how safe are they? What are the risks?

There are three basic types of off-site package delivery — lockers that can be opened with a code or key, lockers that use smart technology such as biometric systems like facial recognition, and simple collection hubs where packages are stored, usually behind a counter in a retail store. Collection from hubs also usually involves presenting a clerk with a scannable code.

Although retailers, locker providers, and delivery organizations claim their systems are secure, it turns out that’s not always the case.

Unlocked by Hackers

For example, a hacking raid on lockers in Moscow enabled thieves to open thousands of them in the Russian capital. And, if they can do it there, is it possible the crime could find its way to the US?

In Russia, 8,000 lockers were targeted in various locations, with more than a third of them successfully opened. The lockers were operated by a service called PickPoint.

It seems likely that the crooks actually hacked into PickPoint’s network, which the firm called the world’s first cyberattack of its type.

Globally, most if not all smart lockers are controlled via networks, so information can be passed between suppliers and customers. And experience shows that virtually any network can be vulnerable to hackers.

Video surveillance firm ATMeye.iQ reported recently: “It is not uncommon for postal services to face hacking and fraud. In particular, it is quite common for the recipient to come to pick up the parcel and report that the locker is empty.”

Furthermore, security at pickup locations may not be all that we might expect.

Students Hack Lockers

For example, in China, a school science club claimed that it had hacked into so-called smart lockers that used facial recognition to open them. The students simply used printed photographs of the intended recipient to trick the system.

Subsequent research by a government department revealed that 15% — that’s about one in seven — facial ID lockers could be opened with photos.

There are other ways too that crooks can get their hands on your remotely stored parcel: if they have access to the pickup security code — perhaps through theft or hacking into individual users, for instance.

There’s also the basic risk of packages being snatched at the pickup point. Increasingly, locker operators are having to install closed circuit TV to monitor their locations.

Caution should be your byword when you collect anything — money or packages — at a publicly accessible location.

Collection Hubs

Another possible security risk relates to the use of collection hubs, usually found behind a counter at a retail store.

From personal experience of one of the Scambusters team, these packages may be stored on an open shelf in the store. Although this may be behind a counter, they may be vulnerable, depending on their accessibility.

This was the case with our Scambusters guy who spotted stacks of packages jumbled on a shelf, with only one counter assistant on hand, who might easily be distracted at busy times. It would have been relatively easy to get behind the counter.

The service is no longer available from this particular store, part of a large retail chain, though we haven’t established why it was stopped. So, it’s important to check how operators of these pickup points protect your items.

The incidents we’ve outlined here underline that, despite claims to the contrary, using pickup points for your parcels is not without risks.

Says ATMeye.iQ: “Criminals are always looking for new devices to exploit and unattended package lockers are a great target. These devices are just as, if not more, vulnerable than other self-service terminals.

“In 2018 in the US alone, Postal Police Officers responded to 841 incidents of violent crimes, making a total of 321 arrests.”

Furthermore, the question of who is legally responsible for stolen items is complex and likely depends on the individual circumstances of a theft. If you use one of these locker systems regularly, take the time to check terms and conditions for information on this.

Parcel pickup lockers and hubs are undoubtedly a great convenience for many, but it makes good sense to know the risks and check out the security arrangements.

Alert of the Week

Turmoil in the jobs market is driving a huge increase in employment scams, with crooks posting thousands of fake ads for non-existent openings or dubious work-from-home schemes.

Often, the scammers use names of well-known companies and government departments as a cover. In the case of work-from-home, they usually suggest it’s easy to make big money.

If you’re job-hunting, do your research, and never pay for supposed supplies, uniforms, medical tests, or training.

That’s it for today — we hope you enjoy your week!

Source link