Amazon Kindle flaws could have allowed attackers to control the device

3 years ago 417

Now patched by Amazon, information vulnerabilities recovered by Check Point would person fixed attackers entree to a Kindle instrumentality and its stored data.

kindle.jpg

Image: Amazon

Amazon Kindle owners could person exposed themselves to a distant power onslaught simply by opening the incorrect e-book. In a report published connected Friday, cybersecurity supplier Check Point said that it discovered information holes successful the Kindle that would person helped a cybercriminal instrumentality afloat power of the device, perchance starring to the theft of delicate accusation including the Amazon instrumentality token, a unsocial cardinal utilized to way messages and different notifications.

SEE: Social engineering: A cheat expanse for concern professionals (free PDF) (TechRepublic)  

In February 2021, Check Point alerted Amazon to its findings, prompting the institution to rotation retired a hole successful mentation 5.13.5 mentation of the Kindle's firmware update successful April 2021. The update automatically is installed connected Kindle devices erstwhile connected to the internet. To cheque the firmware mentation connected your Kindle, spell to Settings, prime Menu, and past pat Device Info.

Before Amazon patched the information flaws, a Kindle idiosyncratic could person unknowingly triggered the exploit conscionable by opening a malicious e-book sent by the attacker, Check Point said. No different enactment would person been required. With the vulnerabilities exploited, an attacker could person gained distant power to delete a user's e-books and adjacent crook the Kindle into a malicious bot to onslaught different devices connected the user's network.

By utilizing a malicious e-book, the attacker besides could person targeted a circumstantial audience. In 1 illustration cited by Yaniv Balmas, caput of cyber probe astatine Check Point Software, a cybercriminal who wanted to people Romanian citizens would simply request to people immoderate escaped and fashionable e-books written successful Romanian. The attacker would past beryllium reasonably definite that the imaginable victims would each beryllium Romanian, a benignant of cognition that would assistance them motorboat further malicious campaigns against these users.

"Kindle, similar different IoT devices, are often thought of arsenic innocuous and disregarded arsenic information risks," Balmas said. "But our probe demonstrates that immoderate physics device, astatine the extremity of the day, is immoderate signifier of computer. And arsenic such, these IoT devices are susceptible to the aforesaid attacks arsenic computers. Everyone should beryllium alert of the cyber risks successful utilizing thing connected to the computer, particularly thing arsenic ubiquitous arsenic Amazon's Kindle."

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also see

Read Entire Article