shot-button
Ganesh Chaturthi Ganesh Chaturthi
Home > Technology News > Hackers might exploit bug in Amazon Kindle company issues fix

Hackers might exploit bug in Amazon Kindle, company issues fix

Updated on: 09 August,2021 12:00 AM IST  |  New Delhi
IANS |

Kindle, like other IoT devices, are often thought of as innocuous and disregarded as security risks

Hackers might exploit bug in Amazon Kindle, company issues fix

Photo for representational purpose

A team of cyber-security researchers has discovered security flaws in popular e-reading device Amazon Kindle that might have led hackers to take full control of a Kindle device, opening a path to stealing information stored.


By tricking victims into opening a malicious e-book, a threat actor could have leveraged the flaws to target specific demographics and take full control of a Kindle device, according to a Check Point Research (CPR) team.



The researchers disclosed its findings to Amazon and the company deployed a fix via a Kindle's firmware update in April this year. The patched firmware installs automatically on devices connected to the Internet.


"By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on the device, from Amazon account credentials to billing information," said Yaniv Balmas, Head of Cyber Research at Check Point Software.

Kindle, like other IoT devices, are often thought of as innocuous and disregarded as security risks.

Also read: Hackers using Discord to spread malware: Report

"But our research demonstrates that any electronic device, at the end of the day, is some form of computer. And as such, these IoT devices are vulnerable to the same attacks as computers," he added.

The exploitation involves sending a malicious e-book to a victim.

Once the e-book is delivered, the victim simply needs to open it to start the exploit chain.

No other indication or interactions are required on behalf of the victim to execute the exploitation.

The team proved that an e-book could have been used as malware against Kindle, leading to a range of consequences.

For example, an attacker could delete a user's e-books, or convert the Kindle into a malicious bot, enabling them to attack other devices in the user's local network.

"Amazon was cooperative throughout our coordinated disclosure process, and we're glad they deployed a patch for these security issues," the CPR team noted.

This story has been sourced from a third party syndicated feed, agencies. Mid-day accepts no responsibility or liability for its dependability, trustworthiness, reliability and data of the text. Mid-day management/mid-day.com reserves the sole right to alter, delete or remove (without notice) the content in its absolute discretion for any reason whatsoever.

"Exciting news! Mid-day is now on WhatsApp Channels Subscribe today by clicking the link and stay updated with the latest news!" Click here!


Mid-Day Web Stories

Mid-Day Web Stories

This website uses cookie or similar technologies, to enhance your browsing experience and provide personalised recommendations. By continuing to use our website, you agree to our Privacy Policy and Cookie Policy. OK