Kindle Flaw Could Have Let Hackers Take Control of Device


All connected devices are technically susceptible to bad actors, but Amazon’s Kindle e-readers aren’t exactly the first device that’d pop into your head when you think of a security risk. However, researchers have discovered that Kindles had flaws that would’ve allowed hackers to seize control of the device, and all it would’ve required is malware masquerading as an e-book.

The flaws were discovered and disclosed by Check Point Research, a well-known security firm. The vulnerabilities were present in how the device parses ebooks, and if exploited, could allow hackers to not only control a user’s Kindle but also steal sensitive information, such as your Amazon account credentials or billing information. Attackers could also delete your entire library, or convert your Kindle into a bot that runs attacks on other devices in your local network. The only thing a potential victim would need to do is download and open an e-book containing malware.

You might think that would be unlikely, but self-published authors upload their own ebooks to Amazon’s official Kindle Store all the time. Anyone who frequently uses an e-reader will tell you there are several ways to load non-Amazon content onto a Kindle. As for why you’d want to sidestep Amazon’s store, it’s as simple as wanting to read a title that’s not yet formatted natively for a Kindle. Or perhaps you want to sideload a title that hasn’t been translated by official sources into your language just yet. And as CPR points out, nobody expects to download a malicious e-book.

“In this case, what alarmed us the most was the degree of victim specificity that the exploitation could have occurred in. Naturally, the security vulnerabilities allow an attacker to target a very specific audience,” Yaniv Balmas, head of cyber analysis at Check Point Software, said in a statement. Balmas explained that bad actors could easily target speakers of a particular language. All they would have to do to target, say, Romanians, is publish a popular book in an e-book format in that language. Because most people downloading that book would likely speak Romanian, a hacker could be confident nearly all victims would be Romanian.

“That degree of specificity in offensive attack capabilities is very sought after in the cybercrime and cyber-espionage world. In the wrong hands, those offensive capabilities could do some serious damage, which concerned us immensely,” Balmas stated.

Thankfully, it doesn’t appear that this exploit has been used in the wild. CPR says it disclosed the vulnerabilities to Amazon in February 2021, and a patch was pushed through in the 5.13.5 Kindle firmware update in April. So long as your Kindle has had internet access since then, you should be running the latest software.

“Our research demonstrates that any electronic device, at the end of the day, is some form of computer,” Balmas stated. “And as such, these IoT devices are vulnerable to the same attacks as computers. Everyone should be aware of the cyber risks in using anything connected to the computer, especially something as ubiquitous as Amazon’s Kindle.”

https://gizmodo.com/kindle-flaw-could-have-let-hackers-take-control-of-your-1847430910