Amazon Delivery Drivers Hacking Scheduling System

Amazon drivers—all gig workers who don’t work for the company—are hanging cell phones in trees near Amazon delivery stations, fooling the system into thinking that they are closer than they actually are:

The phones in trees seem to serve as master devices that dispatch routes to multiple nearby drivers in on the plot, according to drivers who have observed the process. They believe an unidentified person or entity is acting as an intermediary between Amazon and the drivers and charging drivers to secure more routes, which is against Amazon’s policies.

The perpetrators likely dangle multiple phones in the trees to spread the work around to multiple Amazon Flex accounts and avoid detection by Amazon, said Chetan Sharma, a wireless industry consultant. If all the routes were fed through one device, it would be easy for Amazon to detect, he said.

“They’re gaming the system in a way that makes it harder for Amazon to figure it out,” Sharma said. “They’re just a step ahead of Amazon’s algorithm and its developers.”

Tags: ,

Posted on September 22, 2020 at 6:36 AM15 Comments

Comments

Joel Odom September 22, 2020 8:00 AM

My experience with Amazon delivery drivers has been far less than stellar. The gig economy may work well for personal services, but Amazon needs to realize these folks aren’t professional, and are not going to act professional or accountable.

Peter Shenkin September 22, 2020 9:39 AM

I always knew money didn’t hang from trees, so I’m surprised to hear that cell phones do.

@Joel-Odum My own experience (NYC) with Amazon delivery is that they are better than the other carriers. When they ask to be buzzed in, they always announce who they are clearly and when they leave a package, nearly all the time they come up in the elevator and leave it at my door. The other delivery services nearly always leave it in the lobby, where it can easily be stolen. (And yes, this has happened to me.)

Evil amazon September 22, 2020 10:52 AM

They’re not cheating Amazon, they’re competing against other drivers. Amazon is still evil though:

One reason Flex contractors do this is to get around the requirements for being a driver, such as having a valid license or being authorized to work in the U.S., according to a person familiar with the matter. In such cases, someone who meets the requirements downloads the Flex app and is offered a route earning $18 an hour. He or she accepts the route and then pays someone else $10 an hour to do it, said the person, who requested anonymity to discuss a private matter.

flasker September 22, 2020 10:57 AM

@Peter Shenkin

Sounds like a good way to get buzzed into any random building. I’m sure it wouldn’t take long to randomly buzz people saying you’re an Amazon delivery driver before you find someone expecting a package from Amazon on that day to let you in.

Jimbo September 22, 2020 11:27 AM

I am not sure this system would work. “the system can detect a smartphone’s location to within about 20 feet” If so, then Amazon would quickly be able to see multiple drivers within 20 feet (the phones hanging in the trees) that never change location, even when the driver is making a delivery the phone is still hanging in the tree.

Clive Robinson September 22, 2020 11:49 AM

@ ALL,

From the end of the Bloomberg article is why similar goes on in the UK all the time,

One reason Flex contractors do this is to get around the requirements for being a driver, such as having a valid license or being authorized to work in the U.S., according to a person familiar with the matter. In such cases, someone who meets the requirements downloads the Flex app and is offered a route earning $18 an hour. He or she accepts the route and then pays someone else $10 an hour to do it, said the person, who requested anonymity to discuss a private matter.

In the UK case it’s often Brazilian’s pretending to be European Citizans from the likes of Portugal.

One firm gives different rates to car drivers, motorbike drivers and cyclists. So the person who “registers” goes for the highest reward then subs it out at a slightly lower rate than the lowest rate. They often register for four or more different delivery services, as well as being taxi drivers.

In the UK this is part of “The Black Economy” bordering on the “Criminal Economy”.

Obviously with COVID-19 Furlough payments comming to an end and Brexit destined less than three months later, work is going to be desperate in the UK as well, also the “Buy to Rent” market which has kept house prices well above the European equivalent is probably going to crash out as well.

The UK Chancellor has anounced a benifits and civil servent pay freeze with the Retail Price Index indicating people are doing very badly financialy a serious recession looks very much on the cards.

So I would expect a rise in this sort of behaviour. After all histoey shows us it’s what “Work Gang Bosses” used to do, and carry on doing where they have some kind of leverage such as the people they use have few or no legal rights and are thus right to be exploited.

Look at it this way if you register for four different driving gigs and take 8USD/hour for 7, 16hour days that’s effectively 180k/year sight inseen for doing nothing and you could also have another job to look legit legaly…

Tatütata September 22, 2020 11:54 AM

Why can’t Amazon do better? The accuracy mentioned suggests GPS.

A cluster of phones dangling from a tree all reporting nearly the same position should have a telltale signature, ain’t it?

If GPS is used, the Amazon app could be gamed by a fake position generator, like Pokémon-GO cheaters, without having to hang phones from branches.

If the Amazon-supplied app is elaborate, it could check for other phone sensor inputs, such as accelerometers. The resulting system would pretty much implements total surveillance system on the device. Uber apparently has a similar problem with drivers (who in turn have a problem with Uber…), and has recently filed a patent application on those lines.

From paragraph [0050] :

The validation of vehicle data 11 from specific vehicles can include a determination as to whether the vehicle data 11 (e.g., GPS data transmitted from a vehicle over a given duration of time) of a given vehicle is spoofed. Spoofing of GPS data can occur when unscrupulous drivers who are to be compensated for driving generate false GPS data rather than operate their respective vehicles.

The claim of issued patent US10297148 appears to cover the correlation of GPS location and speed data of different drivers working the same routes.

Amazon too has several IP titles related to the detection of spoofed locations, but apparently in the context of autonomous vehicles. (I won’t do a exhaustive analysis).

I suppose that the couriers aren’t too sophisticated (yet), but I can see a development where a plurality of phones are simulated from a fixed site using a SIM box. This would introduce yet another actor in the ecosystem, the gig broker.

SIM boxes are used by many international bypass operators for injecting telephone traffic in target countries, say in Africa or South America. National operators in countries with poor currency reserves will charge far more for international terminating traffic than domestic mobile calls. Fly-by-night international “carriers” will then typically route incoming calls using VoIP and inject them in the mobile network (the concentrated call source incidentally degrades the cell). They need to cycle through a collection of cheap SIM cards to evade detection. A small but lucrative industry has developed in the north for detecting such links, using test calls to dummy numbers, and reconciliation with international and mobile call records. A detected pirate link will lead to the corresponding SIM card being deactivated.

Jeff September 22, 2020 1:32 PM

Readers are suggesting that Amazon could detect this — the app could check things, etc. But why would Amazon spend money programming their system or an app to detect such things? Participating in this cat-and-mouse game would be expensive and of little benefit to Amazon. Better to rely on people reporting abuse, then investigate that.

Clive Robinson September 22, 2020 3:46 PM

@

A cluster of phones dangling from a tree all reporting nearly the same position should have a telltale signature, ain’t it?

Yes butvwould it be relevant?

Six phones in a tree or six blokes smoking cigarettes under a tree, how do you tell?

As noted the “algorithm” appears to award a job based on how close a driver is to the front door of the dispatch point.

Thus you would expect half a dozen drivers to end in a huddle close to the door…

The obvious answers to the issue are,

1, Put CCTV in the vicinity of the dispatch point and record to vidio or do facial recognition.

2, Change the algorithm in some way, of which I can think of several (but why give it for free to the worlds richest divit).

Personally I don’t think Amazon care one jot as long as the delivery gets made quickly.

However we do know that Amazon have an adverserial aproach to workers hard earned rights etc.

Thus I suspect they will use option one, and “keep the information on file” pending a time when they want an excuse to terminate someone for other reasons.

Clive Robinson September 22, 2020 3:49 PM

@ Tatütata,

My appologies my above is ment for you.

I will blaim the cut on the pad of my finger that is still healing, for effecting my normal way of doing things 0:)

David September 22, 2020 9:14 PM

There are two penalties to Amazon here:
Deliveries take longer than they should
They could cut out the middleman and pay their drivers less

Jon September 23, 2020 11:49 PM

Must admit I’d be strongly tempted to climb that tree with a stepladder and a bucket. Which is why I suspect it would also be organized – there will be a large gentleman there to discourage people from climbing that tree with a bucket.

J.

vas pup September 24, 2020 1:46 PM

Amazon unveils flying Ring security camera drone
https://www.bbc.com/news/technology-54285692

“Amazon’s smart home security division Ring has unveiled a flying camera that launches if sensors detect a potential home break-in.
It is designed to only activate when residents are out, works inside, and is limited to one floor of a building.

Owners will be given a smartphone alert to let them see the footage.
The company is not calling it a drone, but to all intents and purposes it is. The device is likely to spark fresh privacy concerns about the brand.
“The Always Home Cam is an incredibly ambitious device that will seem like something from a science fiction movie for many consumers,” commented Ben Wood from the consultancy CCS Insight.

“I expect it to generate a huge amount of interest from technology enthusiasts who are typically the people who embrace smart home technology first. However, it is also likely to provoke a huge discussion around privacy and the future role of technology in the home.”

Amazon said that privacy had been “top of mind” when the machine was designed.

It only reports when it’s in motion, and when it’s not in motion it actually sits in a dock where it’s physically blocked from even being able to report,” explained Leila Rouhi, president of Ring.

“In addition to that, it’s built to be loud, so it’s really privacy that you can hear.”
The device is set to cost $250 (£192) when it goes on sale. At launch, it will be limited to the US.

The division also unveiled a new security camera designed for use in a car, which can monitor for nearby activity when the vehicle is parked.”

vas pup September 24, 2020 1:57 PM

‘We never sleep’: Exhibition explores secret life of spies

https://www.dw.com/en/we-never-sleep-exhibition-explores-secret-life-of-spies/a-55029834

“The need for those in power to spy on their opponents at home and abroad dates back centuries, noted historian Wolfgang Krieger in an interview with Focus magazine. The Egyptian pharaohs sent out scouts to spy on their enemies, while the Greeks and Romans concocted wonderful ways to secretly transmit messages via, for example, tattoos on a slave’s head or inscribed tin plates sewn into leather sandals. In many ways, the undercover agents of antiquity were as sophisticated as the CIA and KGB would become thousands of years later.

Until the 15th century, however, enlisted spies did not usually pursue espionage as a full-time job, but rather snooped while working their day jobs as soldiers or merchants. It was not until the reign of Queen Elizabeth I (1533-1603) that the first official secret service was established.

At the time, many technological inventions were first tested for their suitability for espionage. In this tradition, the ingenious tinkerer Q in the James Bond series invented all manner of essential spy tools such as encrypted codes, deciphering machines and a seemingly harmless ballpoint pen that doubles as a deadly weapon.”

Enjoy the whole article!

k15 September 25, 2020 10:19 AM

Has anyone else been noticing that supply chain security has become something of a performative joke? Address labels that you can pull off and affix to a different envelope, packages delivered in unmarked vehicles by drivers who don’t knock or ring the doorbell? And more.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.