Security researchers from Check Point Research (CPR) have found security flaws in Amazon Kindle that would enable an attacker to acquire information stored on user devices if exploited.
In order to exploit these flaws on the world’s most popular e-reader, an attacker would need to send a malicious e-book to a victim. Once this e-book has been delivered to a user’s device, a potential victim simply needs to open it to start the exploit chain, as no other user interaction is required.
During its testing, CPR demonstrated that an e-book could be used as malware on an Amazon Kindle, which would allow an attacker to delete a user’s e-book library or convert their device into a malicious bot, enabling them to attack other devices on a user’s local network.
Moreover, an attacker could potentially steal a Kindle’s Amazon device token or other sensitive information stored on a user’s e-reader.
Targeting a very specific audience
Because the security flaws discovered by CPR use malicious e-books as an attack vector, a threat actor could target a very specific audience when launching their attacks.
For example, if an attacker wanted to target a specific group of people or demographic, they could easily select a popular e-book in the correlating language or dialect to orchestrate a highly targeted cyber attack.
Fortunately though, CPR disclosed its findings to Amazon back in February and the ecommerce giant deployed a fix in April with the release of version 5.13.5 of the Kindle’s firmware, which installs automatically on all devices connected to the internet.
Head of cyber research at Check Point Software, Yaniv Balmas, warned in a press release that Amazon Kindle as well as all IoT devices are just as vulnerable to cyberattacks as smartphones and computers, saying:
“We discovered vulnerabilities in Kindle that may have allowed an attacker to take full control of the device. By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on the device, from Amazon account credentials to billing information. Kindles, like other IoT devices, are often thought of as innocuous and disregarded as security risks. But our research demonstrates that any electronic device, at the end of the day, is some form of computer. And as such, these IoT devices are vulnerable to the same attacks as computers. Everyone should be aware of the cyber risks in using anything connected to the computer, especially something as ubiquitous as Amazon’s Kindle.”