Amazon Kindle exploit allowed hackers to steal your info — even e-readers aren’t safe | Laptop Mag

Amazon Kindle exploit allowed hackers to steal your info — even e-readers aren’t safe

Amazon Kindle
(Prototype credit: Amazon)

Amazon Kindle, the virtually widely endemic east-reader in the U.South., had critical security flaws that alarmed cybersecurity investigators at Check Point Research (CPR). If exploited, cybercriminals could gain unauthorized access to users’ eastward-readers and wreak havoc on the pop device.

Fortunately, the CPR investigators disclosed their findings to Amazon in February of this year. Two months later, the big-box retailer rolled a firmware update to patch the Kindle’s apropos vulnerabilities.

  • Office 365 users targeted in new phishing attack — Microsoft bug warning nearly crafty criminals
  • All-time laptops of 2022

Hackers could have used Amazon Kindle exploit to steal credentials

CPR researchers discovered a security flaw in Amazon Kindle that, if exploited, gave cybercriminals a pathway into stealing users’ sensitive information. To take advantage of this vulnerability, the hacker would demand to successfully bait a Kindle user into downloading a malicious due east-book.

Amazon Kindle

Amazon Kindle

(Paradigm credit: Amazon)

“By sending Kindle users a single malicious e-book, a threat actor could have stolen any data stored on the device, from Amazon account credentials to billing information,” Yaniv Balmas, head of Cyber Research at Check Point Software, said.

All the victim would demand to do is open the due east-book, which could spur a series of nasty events. According to the CPR study, a hacker could delete the user’s east-books, steal the Amazon device token, launch an attack on other devices inside the user’s local network. Hell, the cybercriminal could fifty-fifty transform the Kindle into a “malicious bot.”

What’s interesting about this particular exploit is that hackers can also use it to assail specific demographics.

“To use a random instance, if a threat actor wanted to target Romanaian citizens, all they would need to do is publish some free and popular e-book in the Romanian language,” Balmas said.

Security holes that allow malicious actors to employ targeted attacks are highly sought after, Balmas added, especially in the cyber-espionage world. Thankfully, as mentioned, Amazon already rolled out a set up for the exploit in April.

CPR’southward report reminds us that fifty-fifty eastward-readers are susceptible to cybercrime. We may focus on securing our phones and laptops, only we shouldn’t forget our Kindles either.

“Kindle, similar other IoT devices, are ofttimes thought of every bit innocuous and disregarded as security risks. Just our research demonstrates that any electronic device, at the end of the day, is some form of computer. And as such, these IoT devices are vulnerable to the same attacks equally computers,” Balmas said.

CPR is poised to discuss its findings in Las Vegas at DEF CON 2022, one of the earth’s largest conventions for hackers.

Kimberly Gedeon, holding a Main’s degree in International Journalism, launched her career equally a journalist for MadameNoire’s business vanquish in 2022. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-sympathise, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. Later 8 years of freelancing, dabbling in a myriad of beats, she’southward finally found a domicile at Laptop Mag that accepts her as the crypto-fond, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!


Posted by: