Just over half of Amazon Fresh stores are equipped with Just Walk Out. The technology allows customers to skip checkout altogether by scanning a QR code when they enter the store. Though it seemed completely automated, Just Walk Out relied on more than 1,000 people in India watching and labeling videos to ensure accurate checkouts. The cashiers were simply moved off-site, and they watched you as you shopped.
so what did they do if you walked in, didn't scan your qr code, and walked out? how did they think they were going to separate the two groups well enough to prevent theft? like the whole concept screams "figure out how to steal in full view of the entire store". like one wig, a little costuming, and the cops are never going to find you from the video footage.
I spent a decent amount of time thinking of how best to shoplift from there, lol. My best idea is that with some decent slight of hand, you could easily fool the system into thinking you took 1 product instead of 2, or you returned an item when you actually didn't. And then you can challenge your receipt to make them fix it. There are a lot of camera angles, but they are only 14fps, and it can still be pretty tough to tell what someone is actually doing even if they are acting totally normally and non-maliciously.
Another funny theory I had is that to beat the tracking system, you could lie down or something. It's not something I ever tested in practice, but their tracking system relies heavily on the assumption that everyone is standing upright, so maybe if you rolled on the floor a little it would get confused. But when it gets confused it goes to one of those low paid workers in India or Costa Rica, so it might get corrected manually.
Horse costume for 2 people
yeah, the whole thing just screams "find an attack vector". did they actually red team it?
I mean, they test it a lot. It seems like the general philosophy though was that the ways of fooling the system reliably are somewhat convoluted, so if someone is willing to do all that, just let them lol.
Amusingly, one of the particular vulnerabilities that they mentioned having problems with in the UK in particular was people just brazenly going into a store, taking down some cameras or other equipment (networking equipment, edge compute, etc.) and Just Walking Out.
It does seem like an easy way to do this is just get your buddy to shine a laser pointer at the camera while you grab the stuff.
Any given shelf is generally visible by like 6-8 cameras.
Oh, I see. That's fucked. Over here stores have like...3 cameras total? Giver or take? Positioned in a way that multiple aisles are covered by a single camera. We don't really have a lot of fearmongering about shoplifting though.
It's not really about shoplifting, the cameras are a core component of the system, and if they could use fewer they would. Say what you will about the concept, but the cameras themselves aren't really the insidious part, in my opinion.
I'm assuming these cameras all have to be wired, right? If they were wifi, a concentrated deauth attack could take the whole store down.
Yeah they're wired, larger grocery stores were kind of a problem because they need up to like 10gbps connection, which is pretty abnormal for a grocery store. Because yes, almost all of the video is processed in the cloud, although they are trying to shift more of it to processing on devices in the stores.
The stores have gates that prevent entry until you scan the code. You could maybe hop the turnstyle, but there's usually at least one employee near the front to "help people get in". And to be fair, lots of people have questions about it so it's not entirely bs, but I guess their job is also to dissuade this.
oh they're walk out only? that's bizarre.
I mean, to scan in is still really quick, it's like going into a subway or something.