Check Point has revealed vulnerabilities in Amazon’s Kindle e-readers.
All one needs to do is open a malicious e-book and hackers can get access to your device.
The process can be quite easy as the distribution of self-published e-books on the Kindle is not very difficult.
Amazon’s Kindle e-readers are probably one of the few devices one would suspect to get hacked. Cybersecurity firm Check Point researchers have discovered loopholes that can potentially let attackers gain access to a Kindle. The threat might not sound as scary but it can give hackers control over locally connected networks through the Kindle in addition to stealing data on the device.
The process of the exploitation is quite easy as it requires the user to open a malicious e-book on the Kindle. Once the malicious e-book is opened, hackers can get access to the Kindle and carry out activities like deleting your entire library and steal information like your Amazon credentials. Hackers could even turn your Kindle into a malicious bot and then gain access to other devices connected to your Wi-Fi.
It’s also quite easy to publish e-books for users to access it on their Kindle e-readers. The Kindle Store has a self-publishing service that lets self-published authors upload their e-books. There’s also Amazon’s “send to kindle” service that makes it easy to send e-books. The fact that e-books are used to install malicious software is quite unheard of makes this even easier for hackers.
Check Point also highlighted how this Kindle exploitation could be an easy operation for hackers to target specific audiences. This could be based on the demographics of users by selecting popular e-books to target a specific group of users speaking the same language or dialect.
“To use a random example, if a threat actor wanted to target Romanian citizens, all they would need to do is publish some free and popular e-book in the Romanian language. From there, the threat actor could be pretty certain that all of its victims would, indeed, be Romanian – that degree of specificity in offensive attack capabilities is very sought after in the cybercrime and cyber-espionage world,” Check Point said in a release.
There haven't been any reported issues of this Kindle vulnerability. Check Point said it informed Amazon about these vulnerabilities in February this year. Amazon later patched it through a firmware update version 5.13.5 for the Kindle in April. If you’ve updated your Kindle to the latest version it should be fine. For a more detailed technical explanation of this, you can check out Check Point’s blog.
Marcia Sekhose, BII
_______________________
0 facebook:
Post a Comment