Amazon Kindle security flaws could have let hackers hijack your device
Flaws were patched by Amazon in a recent Kindle firmware update
Security researchers from Check Point Research (CPR) have discovered security flaws in Amazon Kindle that could allow an attacker to obtain information stored on user devices if exploited.
In order to exploit these flaws in the world's most popular e-reader, an attacker would need to send a malicious e-book to a victim. Once this e-book has been delivered to a user's device, a potential victim simply needs to open it to start the exploit chain as no other user interaction is required.
During its testing, CPR demonstrated that an e-book could be used as malware on an Amazon Kindle which would allow an attacker to delete a user's e-book library or convert their device into a malicious bot enabling them to attack other devices on a user's local network.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
- We've assembled a list of the best e-readers available
- These are the best VPN services on the market
- Also check out our roundup of the best antivirus
Additionally an attacker could potentially steal a Kindle's Amazon device token or other sensitive information stored on a user's e-reader.
Targeting a very specific audience
As the security flaws discovered by CPR use malicious e-books as an attack vector, a threat actor could target a very specific audience when launching their attacks.
For instance, if an attacker wanted to target a specific group of people or demographic, they could easily select a popular e-book in the correlating language or dialect to orchestrate a highly targeted cyber attack.
Thankfully though, CPR disclosed its findings to Amazon back in February and the ecommerce giant deployed a fix in April with the release of version 5.13.5 of the Kindle's firmware which installs automatically on all devices connected to the internet.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Head of cyber research at Check Point Software, Yaniv Balmas warned in a press release that Amazon Kindle as well as all IoT devices are just as vulnerable to cyberattacks as smartphones and computers, saying:
“We found vulnerabilities in Kindle that would have allowed an attacker to take full control of the device. By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on the device, from Amazon account credentials to billing information. Kindle, like other IoT devices, are often thought of as innocuous and disregarded as security risks. But our research demonstrates that any electronic device, at the end of the day, is some form of computer. And as such, these IoT devices are vulnerable to the same attacks as computers. Everyone should be aware of the cyber risks in using anything connected to the computer, especially something as ubiquitous as Amazon’s Kindle.”
- We've also highlighted the best malware removal software
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.