Amazon Kindle flaws could have allowed attackers to control the device
Now patched by Amazon, security vulnerabilities discovered by Check Point would have given attackers access to a Kindle device and its stored information.
Amazon Kindle owners could have exposed themselves to a remote control attack simply by opening the wrong e-book. In a report published on Friday, cybersecurity provider Check Point said that it discovered security holes in the Kindle that could have helped a cybercriminal take full control of the device, potentially leading to the theft of sensitive information including the Amazon device token, a unique key used to route messages and other notifications.
In February 2021, Check Point alerted Amazon to its findings, prompting the company to roll out a fix in version 5.13.5 of the Kindle’s firmware update in April 2021. The update is automatically installed on Kindle devices when they are connected to the internet.
“We have released automatic software updates to fix these issues for all Amazon Kindle models released after 2012,” an Amazon spokesperson told TechRepublic. “We appreciate the work of independent security researchers who help bring potential issues to our attention.”
To check the firmware version on your Kindle, go to Settings, select Menu, and then tap System Information. Check Point also advises Kindle users to use common sense and not open or download any e-books that look suspicious or come from untrusted sources.
Before Amazon patched the security flaws, a Kindle user could have unknowingly triggered the exploit simply by opening a malicious e-book sent by the attacker, Check Point said. No other action would have been required. With the vulnerabilities exploited, an attacker could have gained remote control to delete a user’s e-books or even turn the Kindle into a malicious bot to attack other devices on the user’s network.
By using a malicious e-book, the attacker also could have targeted a specific audience. In one example cited by Yaniv Balmas, head of cyber research at Check Point Software, a cybercriminal who wanted to target Romanian residents would simply need to publish some free and popular e-books written in Romanian. The attacker would then be fairly certain that the potential victims would all be Romanian, a type of knowledge that could help them launch further malicious campaigns against those users.
“Kindle, like other IoT devices, are often thought of as innocuous and disregarded as security risks,” Balmas said. “But our research demonstrates that any electronic device, at the end of the day, is some form of computer. And as such, these IoT devices are vulnerable to the same attacks as computers. Everyone should be aware of the cyber risks in using anything connected to the computer, especially something as ubiquitous as Amazon’s Kindle.”
Editor’s note: This article has been updated with more information and comment.