Check Point revealed its findings in a piece of research published as part of the DEF CON security conference in Las Vegas.
In the study, Yaniv Balmas, head of cyber research at Check Point, wrote: “Equipped with these tokens the attacker would now be able to access the victim’s Amazon account and perform anything on his behalf.”
While speaking to Forbes, Balmas added: “Our research demonstrates that any electronic device, at the end of the day, is some form of computer.
“And as such, these IoT devices are vulnerable to the same attacks as computers. Everyone should be aware of the cyber risks in using anything connected to the computer, especially something as ubiquitous as Amazon’s Kindle”.
One dangerous eBook can wipe your Amazon Kindle and let hackers steal your account (SecureTech, 2021-08-08)
Your Amazon Kindle and your Amazon account could be hacked by just opening a single ebook, according to research published Friday as part of the DEF CON security conference taking place in Las Vegas this week.
Once the malicious book is opened, a remote hacker could delete all books on the device and could steal the authentication token used to get into an Amazon account, according to the proof-of-concept attack developed by researchers at Israel-based cybersecurity company Check Point. “Equipped with these tokens the attacker would now be able to access the victim’s Amazon account and perform anything on his behalf,” said Yaniv Balmas, head of cyber research at Check Point. An attacker could have also used the Kindle as a launchpad for attacking other devices on a local WiFi network.
Balmas was able to create an evil ebook that took advantage of a flaw in the Kindle operating system: when parsing images from the book, it wasn’t limiting the amount of data that could be written to memory, a bug known as a heap overflow. That flaw allowed him to overwrite parts of memory. To get complete control of the Amazon device, he discovered another flaw that allowed him to grant himself root user rights.
Amazon, however, has fixed the issue, and users who are running the latest Kindle software should be safe from attacks. The issues were reported to Amazon in February 2021 and fixed in the 5.13.5 version of Kindle’s firmware in April; the patched software installed automatically on internet-connected devices. Amazon hadn’t responded to a request for comment at the time of publication.
But the research brings to light questions about how much a Kindle user can trust books self-published on Amazon’s marketplace, or ebooks downloaded from any platform. It’s also the first example of a hack getting complete remote control over a Kindle with a malicious book.
“Our research demonstrates that any electronic device, at the end of the day, is some form of…
Amazon Kindle Hack Needs Just One Evil Ebook To Take Over Your Ereader—And Maybe Your Amazon Account Too (SecureTech, 2021-08-06)
Graham Cluley Security News is sponsored this week by the folks at Immersive Labs. Thanks to the great team there for their support! Attacks and breaches are a fact of life. They happen. What’s most important is how well your organisation responds. And technology isn’t enough. Your staff must be ready too. Immersive Labs delivers …
Free ebook: Aligning cyber skills with the MITRE ATT&CK framework (2020-09-09)
Download the free VIPRE e-book “A Business Owner’s Guide to Cybersecurity” to learn more about how and where cybercriminals are likely to strike and how to protect your business from cyberattacks using a layered security approach.
Free eBook: A Business Owner’s Guide to Cybersecurity (2019-05-06)