Amazon Kindle Vulnerable to Malicious EBooks

2021-08-06 18:54

A security flaw in Amazon's Kindle e-reader made it vulnerable to malicious eBooks, opening the door to turning the devices into bots, compromising personal information and more.

Check Point disclosed the bug to Amazon in February, and it was fixed in April; Amazon released patched firmware to be automatically installed on every Kindle connected to the internet.

It's unclear if the bug was exploited prior to the patch, but crisis appears to have been averted: Any serious attack could have affected tens of millions of Kindle users across the globe.

"A malicious eBook can be published and made available for free access in any virtual library, including the Kindle Store, via the 'self-publishing' service, or sent directly to the end-user device via the Amazon 'send to Kindle' service."

The Check Point team was able to create a proof-of-concept malicious eBook that, once it was opened on a Kindle, would have executed a hidden code with root rights, the report explained.

The malware developed by Check Point then gained root access, giving the attacker total control of the Kindle, including access to the user's Amazon account, cookies and the device's private keys.

News URL

https://threatpost.com/amazon-kindle-malicious-ebooks/168454/

#amazon #ebook

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Amazon		64	9	60	39	13	121