(Prototype credit: Amazon)
Amazon Kindle, the virtually widely endemic east-reader in the U.South., had critical security flaws that alarmed cybersecurity investigators at Check Point Research (CPR). If exploited, cybercriminals could gain unauthorized access to users’ eastward-readers and wreak havoc on the pop device.
Fortunately, the CPR investigators disclosed their findings to Amazon in February of this year. Two months later, the big-box retailer rolled a firmware update to patch the Kindle’s apropos vulnerabilities.
- Office 365 users targeted in new phishing attack — Microsoft bug warning nearly crafty criminals
- All-time laptops of 2022
Hackers could have used Amazon Kindle exploit to steal credentials
CPR researchers discovered a security flaw in Amazon Kindle that, if exploited, gave cybercriminals a pathway into stealing users’ sensitive information. To take advantage of this vulnerability, the hacker would demand to successfully bait a Kindle user into downloading a malicious due east-book.
“By sending Kindle users a single malicious e-book, a threat actor could have stolen any data stored on the device, from Amazon account credentials to billing information,” Yaniv Balmas, head of Cyber Research at Check Point Software, said.
All the victim would demand to do is open the due east-book, which could spur a series of nasty events. According to the CPR study, a hacker could delete the user’s east-books, steal the Amazon device token, launch an attack on other devices inside the user’s local network. Hell, the cybercriminal could fifty-fifty transform the Kindle into a “malicious bot.”
What’s interesting about this particular exploit is that hackers can also use it to assail specific demographics.
“To use a random instance, if a threat actor wanted to target Romanaian citizens, all they would need to do is publish some free and popular e-book in the Romanian language,” Balmas said.
Security holes that allow malicious actors to employ targeted attacks are highly sought after, Balmas added, especially in the cyber-espionage world. Thankfully, as mentioned, Amazon already rolled out a set up for the exploit in April.
CPR’southward report reminds us that fifty-fifty eastward-readers are susceptible to cybercrime. We may focus on securing our phones and laptops, only we shouldn’t forget our Kindles either.
“Kindle, similar other IoT devices, are ofttimes thought of every bit innocuous and disregarded as security risks. Just our research demonstrates that any electronic device, at the end of the day, is some form of computer. And as such, these IoT devices are vulnerable to the same attacks equally computers,” Balmas said.
CPR is poised to discuss its findings in Las Vegas at DEF CON 2022, one of the earth’s largest conventions for hackers.
Posted by: Sadiyev.com