Amazon Kindle flaws could have allowed attackers to control the device

Now patched by Amazon, security vulnerabilities discovered by Check Point would have given attackers access to a Kindle device and its stored data.


Amazon Kindle owners could have exposed themselves to a remote control attack simply by opening the wrong e-book. In a report published on Friday, cybersecurity provider Check Point said that it discovered security holes in the Kindle that could have helped a cybercriminal take full control of the device, potentially leading to the theft of sensitive information including the Amazon device token, a unique key used to route messages and other notifications.


In February 2021, Check Point alerted Amazon to its findings, prompting the company to roll out a fix in version 5.13.5 of the Kindle’s firmware update in April 2021. The update is installed automatically on Kindle devices when they are connected to the internet.

“We have released automatic software updates to fix these issues for all Amazon Kindle models released after 2012,” an Amazon spokesperson told TechRepublic. “We appreciate the work of independent security researchers who help bring potential issues to our attention.”

To check the firmware version on your Kindle, go to Settings, select Menu, and then tap Device Info. Check Point also advises Kindle users to use common sense and not open or download any e-books that look suspicious or come from untrusted sources.

Before Amazon patched the security flaws, a Kindle user could have unknowingly triggered the exploit just by opening a malicious e-book sent by the attacker, Check Point said. No other action would have been required. With the vulnerabilities exploited, an attacker could have gained remote control to delete a user’s e-books or even turn the Kindle into a malicious bot to attack other devices on the user’s network.

By using a malicious e-book, the attacker also could have targeted a specific audience. In one example cited by Yaniv Balmas, head of cyber research at Check Point Software, a cybercriminal who wanted to target Romanian citizens would simply need to publish some free and popular e-books written in Romanian. The attacker would then be fairly certain that the potential victims would all be Romanian, a type of information that could help them launch further malicious campaigns against these users.

“Kindle, like other IoT devices, are often thought of as innocuous and disregarded as security risks,” Balmas said. “But our research demonstrates that any electronic device, at the end of the day, is some form of computer. And as such, these IoT devices are vulnerable to the same attacks as computers. Everyone should be aware of the cyber risks in using anything connected to the computer, especially something as ubiquitous as Amazon’s Kindle.”

Editor’s note: This article has been updated with more information and comment.
