
Amazon Awards $18,000 for Exploit Allowing Kindle E-Reader Takeover
2021-01-21 12:26

Amazon has awarded an $18,000 bug bounty for an exploit chain that could have allowed an attacker to take complete control of a Kindle e-reader simply by knowing the targeted user's email address.

The first vulnerability in the exploit chain was related to the "Send to Kindle" feature, which allows users to deliver an e-book in MOBI format to their Kindle device as an email attachment.

The malicious e-book achieved code execution by leveraging a vulnerability related to a library used by the Kindle to parse JPEG XR images.

"The attacker could access device credentials and make purchases on the Kindle store using the victim's credit card. Attackers could sell an e-book on the store and transfer money to their account," Bar-On explained in a blog post.

While the Send to Kindle feature only allows users to send e-books from pre-approved email addresses, the researcher pointed out that an attacker could have simply used an email spoofing service.
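As an added illustration of the allowlist weakness described above (example code, not from the original article, Amazon or the researcher): a naive check that trusts the From header sits beside a hardened one that also requires the receiving mail server's own Authentication-Results header to report a DMARC pass for the From domain. The server name, addresses and both sample messages are constructed.

```python
import email
from email.utils import parseaddr

# Constructed allowlist of approved sender addresses for the feature.
APPROVED = {"owner@example.com"}
# Name our own inbound mail server stamps into Authentication-Results (assumed).
OUR_MTA = "mx.example.net"

# Constructed sample: From claims an approved address, but our MTA recorded
# that the message failed DMARC (neither SPF nor DKIM aligned with From).
SPOOFED = b"""\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=bulk.example.org; dkim=none; dmarc=fail header.from=example.com
From: owner@example.com

book attached
"""
# Constructed sample: same From, but SPF, DKIM and DMARC all passed.
GENUINE = b"""\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: owner@example.com

book attached
"""

def from_address(msg):
    """Return the bare address in From, lower-cased (display names ignored)."""
    return parseaddr(str(msg.get("From", "")))[1].lower()

def sender_allowed_naive(raw):
    """Weak check: trusts the From header, which any sender can set."""
    msg = email.message_from_bytes(raw)
    return from_address(msg) in APPROVED

def dmarc_result(msg):
    """DMARC verdict from our MTA's Authentication-Results, or 'none'. Assumes
    the MTA strips any such header arriving from outside, or it could be forged."""
    hdr = str(msg.get("Authentication-Results", ""))
    fields = [f.strip() for f in hdr.split(";")]
    if not fields or fields[0] != OUR_MTA:
        return "none"
    for field in fields[1:]:
        if field.startswith("dmarc="):
            return field.split()[0][len("dmarc="):]
    return "none"

def sender_allowed_hardened(raw):
    """Allowlist plus proof that the From domain was actually authenticated."""
    msg = email.message_from_bytes(raw)
    return from_address(msg) in APPROVED and dmarc_result(msg) == "pass"
```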

"The security of our devices and services is a top priority. We have already released an automatic software update over the Internet fixing this issue for all Amazon Kindle models released after 2014," an Amazon spokesperson told SecurityWeek.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/GvvhU-04xM4/amazon-awards-18000-exploit-allowing-kindle-e-reader-takeover
