Tag Archive for: Kindle

Amazon Fixes Flaw on Kindle That Could’ve Allowed Hackers to Steal Billing Data


Amazon was informed about the flaw back in April.


A report notes that the Amazon Kindle e-reader could have been vulnerable to hacking through free e-books. Additionally, Kindle exploitation could be an easy operation for hackers to target specific audiences.

  • News18.com
  • Last Updated: August 10, 2021, 11:21 IST

Amazon Kindle remains a popular choice for e-book readers, but its popularity also opens doors for security risks. That’s exactly what security research firm Check Point demonstrated in its latest report, which notes that the Kindle e-reader could have been vulnerable to hacking through free e-books. The company states that a malicious book can be published and made available for free on e-libraries, including the Kindle Store, via the “self-publishing” service. These books can often reach end-users directly from the hacker in the guise of services from Amazon. If successfully installed, malware-laden e-books can expose information, billing accounts, and so on. Even stolen email IDs can pave the way for sophisticated phishing attacks.

Check Point further claims that antivirus products do not have signatures for e-books, which essentially means these applications may not detect the malware. The company adds that it successfully uploaded the malware to highlight the vulnerability. In a release, it said that Kindle exploitation could be an easy operation for hackers to target specific audiences. This was possible by targeting books popular in a particular region. “To use a random example, if a threat actor wanted to target Romanian citizens, all they would need to do is publish some free and popular e-book in the Romanian language.” Speaking further about the possibility of a breach, the company notes that understanding Kindle’s architecture, which uses Linux code at its core, helped them successfully hack their own e-reader.

Check Point demonstrated to Amazon how an e-book could function as malware back in February, and the issue is seemingly patched. Amazon addressed the vulnerability via OTA update version 5.13.5 in April 2021. To check the version manually, from Home, select Menu > Settings. You will see the current software version at the bottom of the screen. To manually update, using a…

Source…

Hackers might exploit bug in Amazon Kindle, company issues fix


New Delhi: A team of cyber-security researchers has discovered security flaws in the popular e-reading device Amazon Kindle that might have let hackers take full control of a Kindle device, opening a path to stealing the information stored on it.
By tricking victims into opening a malicious e-book, a threat actor could have leveraged the flaws to target specific demographics and take full control of a Kindle device, according to a Check Point Research (CPR) team.

The researchers disclosed their findings to Amazon, and the company deployed a fix via a Kindle firmware update in April this year. The patched firmware installs automatically on devices connected to the Internet.
“By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on the device, from Amazon account credentials to billing information,” said Yaniv Balmas, Head of Cyber Research at Check Point Software.
Kindles, like other IoT devices, are often thought of as innocuous and disregarded as security risks.
“But our research demonstrates that any electronic device, at the end of the day, is some form of computer. And as such, these IoT devices are vulnerable to the same attacks as computers,” he added.
The exploitation involves sending a malicious e-book to a victim.
Once the e-book is delivered, the victim simply needs to open it to start the exploit chain.
No other indication or interaction is required on the victim’s part for the exploit to run.
The team proved that an e-book could have been used as malware against Kindle, leading to a range of consequences.
For example, an attacker could delete a user’s e-books, or convert the Kindle into a malicious bot, enabling them to attack other devices in the user’s local network.
“Amazon was cooperative throughout our coordinated disclosure process, and we’re glad they deployed a patch for these security issues,” the CPR team noted.
 

Source…

Beware of Kindle books infested with Malware


The Kindle is easily among the less attractive targets when it comes to hacking. However, it is still worthwhile to ensure the highest level of security for the device, considering that it contains information such as your Amazon account details and billing info, and in the wrong hands these could lead to disastrous consequences.

Fortunately, anything of that sort has been averted, or so it seems. A flaw of this magnitude did exist in present-day Kindle eReader devices and was detected by the Israeli security firm Check Point Research. It revealed its findings at the hacker and cybersecurity convention DEF CON. Amazon responded with a patch via Kindle firmware update 5.13.5 that plugged the hole. So, anyone who has not connected their Kindle to the internet in a while has a strong reason to do so now.

As for the modus operandi, it couldn’t have been simpler. All it would have taken for your Kindle to be hacked was downloading malware in the guise of an eBook. Just opening the eBook would hand control of the Kindle to the hackers, who would then have complete control over your device without you even being aware of it.

The damage is done in the few seconds that the device needs to process the eBook before displaying it on the screen. Code would run in the background, making the Kindle remotely operable by the hackers. Your Kindle could also be used as a launchpad for attacking other devices in the local network.

Could downloading eBooks from the Kindle Store have posed a risk? It is less likely, but there is no way it can be ruled out. After all, there is no dearth of self-published authors uploading their content to the Kindle Store regularly. Plus, we often side-load eBooks, which could have been another source of malware-infested eBooks making their way to the Kindle.

Source…