One of the best Kindle features was also a security disaster waiting to happen Kindle Paperwhite
Since launching in 2007, Amazon’s Kindle ebooks have become a near-essential tool in the arsenal of any bookworm, holding hundreds of different titles on a single device. The problem with digitizing the reading process, however, is that not even your library is now safe from attack.
According to a report from security firm Realmode Labs, a chain of vulnerabilities present until recently in Kindle ebooks had created a situation whereby an attacker could compromise a victim’s device and account.
The exploit revolved around the popular “Send to Kindle” feature, which allows users to deliver ebooks to their devices via email, researcher Yogev Bar-on explained in a blog post. Armed with knowledge of the device address, a hacker could have delivered a malicious ebook that, when clicked on, would allow them to perform arbitrary code execution.
By this method of attack, says Bar-On, an attacker could have gained access to personal details, made purchases using the owner’s credit card and sold ebooks on the Kindle marketplace before siphoning funds into their own account.
Kindle security vulnerability
Although users might think their Kindle is low on the list of devices likely to be targeted by cybercriminals, the discovery acts as a reminder that all internet-connected technology can be exploited to steal funds and personal data.
As such, it’s important that device owners are cautious about clicking on web links from disreputable sources, unsolicited email attachments and, in this case, ebooks that appear on their devices unexpectedly.
Amazon was alerted to the Kindle vulnerabilities in October and has since issued an automatic fix for a number of models. According to Bar-On, there is no evidence the exploit was abused in the wild while it remained active.
“The security of our devices and services is a top priority. We have released an automatic software update over the internet fixing this issue for all Amazon Kindle models released after 2014. Other impacted Kindle models will also receive this fix,” said an Amazon spokesperson.
“We also have measures in place to help prevent customers from receiving content they haven’t requested. We appreciate the work of independent researchers who help bring potential issues to our attention.”
In an email exchange with TechRadar Pro, Amazon explained it has since added additional characters to device email aliases, making them far more difficult to guess. In other instances, customers will receive email notifications that require additional confirmation before an ebook is delivered to the device.
Amazon also sought to clarify that an attacker could not gain access to raw credit card details nor account passwords by the method demonstrated by researchers, because the data is not stored on-device.
Via VICE
Since launching in 2007, Amazon’s Kindle ebooks have become a near-essential tool in the arsenal of any bookworm, holding hundreds of different titles on a single device. The problem with digitizing the reading process, however, is that not even your library is now safe from attack. According to a report…
Recent Posts
- 30TB hard drives will finally become mainstream next year — Japanese rival to Seagate and Western Digital reveals plans to launch two 30TB+ HDDs in 2025 using two different technologies
- Quordle today – hints and answers for Sunday, May 19 (game #846)
- Blue Origin’s first crewed launch since 2022: Where to watch
- This modder proves everything’s better with a GBA SP screen attached
- Mobile industry is quietly preparing for the biggest change to your smartphone in a decade — iSIM will hasten the end of SIM cards and allow networks to preload plans on devices
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011