Kindle Flaw Could Have Let Hackers Take Control of the Device


Photo: Sam Rutherford / Gizmodo

All connected gadgets are technically vulnerable to bad actors, but Amazon’s Kindle e-readers aren’t exactly the first device that comes to mind when you think of a security risk. However, researchers have found that the Kindle had flaws that could have allowed hackers to take control of the device, and all it would have required is malware masquerading as an ebook.

The flaws were discovered and disclosed by Check Point Research (CPR), a well-known security company. The vulnerabilities were found in the way the device scans eBooks and, if exploited, could allow hackers to not only control a user’s Kindle, but also steal sensitive information, such as Amazon account credentials or billing information. Attackers could also delete your entire library or convert your Kindle into a bot that performs attacks on other devices on your local network. The only thing a potential victim would have to do is download and open an eBook that contains malware.

You might think that would be unlikely, but self-published authors are constantly uploading their own eBooks to the official Amazon Kindle store. Anyone who uses an eReader frequently will tell you that there are multiple ways to load non-Amazon content onto a Kindle. As to why you would want to bypass Amazon’s store, it can be as simple as wanting to read a title that isn’t natively formatted for a Kindle yet. Or maybe you want to sideload a title that has not yet been translated by official sources into your language. And as CPR points out, no one expects to download a malicious ebook.

“In this case, what alarmed us the most was the degree of specificity of the victim in which the exploitation could have occurred. Of course, security holes allow an attacker to target a very specific audience,” Yaniv Balmas, Head of Cyber Research at Check Point Software, said in a report. Balmas explained that bad actors can easily target speakers of a particular language. All they would have to do to target, say, Romanians, is publish a popular book in ebook format in that language. Since most people downloading this book would probably speak Romanian, a hacker could be sure that almost all victims would be Romanian.

“This degree of specificity in offensive attack capabilities is highly sought after in the world of cybercrime and cyberespionage. In the wrong hands, these offensive capabilities could cause serious damage, which is of great concern to us,” Balmas said.

Fortunately, it does not appear that this exploit has been used in the wild. CPR says it disclosed the vulnerabilities to Amazon in February 2021, and a patch was applied in Kindle firmware update 5.13.5 in April. As long as your Kindle has had access to the Internet since then, you should be running the latest software.

“Our research shows that any electronic device, ultimately, is a form of computer,” Balmas said. “And as such, these IoT devices are vulnerable to the same attacks as computers. Everyone should be aware of the cyber risks involved in using anything connected to the computer, especially something as ubiquitous as the Amazon Kindle.”
