New Amazon Kindle Bug Could've Let Attackers Hijack Your eBook Reader
2021-08-06 03:34

Earlier this April, Amazon addressed a critical vulnerability in its Kindle e-book reader platform that could have been exploited to take full control of a user's device and steal sensitive information, simply by deploying a malicious e-book.

"By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on the device, from Amazon account credentials to billing information," Yaniv Balmas, head of cyber research at Check Point, said in an emailed statement.

After the issue was responsibly disclosed to Amazon in February 2021, the retail and entertainment giant published a fix as part of version 5.13.5 of the Kindle firmware in April 2021.

An attack exploiting the flaw begins with a malicious e-book sent to the intended victim. Opening the book triggers the infection sequence without any further interaction, allowing the bad actor to delete the user's library, gain full access to the Amazon account, or convert the Kindle into a bot for striking other devices in the target's local network.

Earlier this January, Amazon fixed similar weaknesses, collectively named "KindleDrip", that could have allowed an attacker to take control of victims' devices and make unauthorized purchases by delivering a malicious e-book to the targets.

"These IoT devices are vulnerable to the same attacks as computers. Everyone should be aware of the cyber risks in using anything connected to the computer, especially something as ubiquitous as Amazon's Kindle."


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/dBPrsd-4_y4/new-amazon-kindle-bug-couldve-let.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Amazon 60 4 39 62 15 120