This Kindle bug can allow hackers to steal personal information; Amazon rushes to issue fix
This Kindle bug could have let an attacker steal account data, turn the device into a bot, attack other devices nearby and even erase all your books.
Amazon recently issued a security fix for its Kindle e-readers that patches a bug which could allow a hacker to steal personal information from a device using a maliciously crafted e-book. Researchers identified the flaw and reported it to the company months ago, and Amazon has now fixed it.
In his report on the flaw, Check Point Research's Slava Makkaveev explained that the bug could be exploited not only through e-books that users send to their own devices (via the Send to Kindle feature) but also through books published to the Kindle Store, which means that users could also have downloaded dangerous books through the store.
Malicious ebooks on Kindle!
As Makkaveev points out, antivirus programs do not usually have signatures for e-books and users do not usually expect that the e-book they are reading could be malicious. “We succeeded in making a malicious book. If you were to open this book on a Kindle device, it could have caused a hidden piece of code to be executed with root rights. From this moment on, you can assume that you have lost control of your e-reader,” he explains.
How much damage can be caused?
Makkaveev says that once a user opened a maliciously crafted book on their Kindle, an attacker could erase the e-books on the device. The attacker might also gain complete access to the user's Amazon account details. The device might also be converted into a bot that could attack other devices connected to the same local network, causing, as the post describes it, irreparable damage. You can read all about the researcher's work on identifying the flaw here.
When was Amazon informed about the Kindle bug?
Amazon was informed about the security flaws in February 2021. The company issued a fix to affected Kindle devices two months later, in April. The firmware version that includes the fix is 5.13.5, so as long as your Kindle is connected to the internet, it should already have been updated to a version that includes the patch.