Amazon Kindle security flaws could have let hackers hijack your device

Security researchers from Check Point Research (CPR) have found security flaws in Amazon Kindle that would enable an attacker to obtain information stored on users’ devices if exploited.

To exploit these flaws in the world’s most popular e-reader, an attacker would need to send a malicious e-book to a victim. Once this e-book has been delivered to a user’s device, a potential victim simply needs to open it to start the exploit chain, as no other user interaction is required.

During its testing, CPR demonstrated that an e-book could be used as malware on an Amazon Kindle, which would allow an attacker to delete a user’s e-book library or convert their device into a malicious bot, enabling them to attack other devices on a user’s local network.

Moreover, an attacker could potentially steal a Kindle’s Amazon device token or other sensitive information stored on a user’s e-reader.

Targeting a very specific audience

Because the security flaws discovered by CPR use malicious e-books as an attack vector, a threat actor could target a very specific audience when launching their attacks.

For example, if an attacker wanted to target a specific group of people or demographic, they could easily select a popular e-book in the correlating language or dialect to orchestrate a highly targeted cyber attack.

Fortunately though, CPR disclosed its findings to Amazon back in February and the ecommerce giant deployed a fix in April with the release of version 5.13.5 of the Kindle’s firmware, which installs automatically on all devices connected to the internet.

Head of cyber research at Check Point Software, Yaniv Balmas, warned in a press release that Amazon Kindle as well as all IoT devices are just as vulnerable to cyberattacks as smartphones and computers, saying:

“We discovered vulnerabilities in Kindle that would have allowed an attacker to take full control of the device. By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on the device, from Amazon account credentials to billing information. Kindle, like other IoT devices, are often thought of as innocuous and disregarded as security risks. But our research demonstrates that any electronic device, at the end of the day, is some form of computer. And as such, these IoT devices are vulnerable to the same attacks as computers. Everyone should be aware of the cyber risks in using anything connected to the computer, especially something as ubiquitous as Amazon’s Kindle.”