Now patched by Amazon, security vulnerabilities discovered by Check Point would have given attackers access to a Kindle device and its stored information.
Amazon Kindle owners could have exposed themselves to a remote control attack just by opening the wrong e-book. In a report published on Friday, cybersecurity provider Check Point said that it discovered security holes in the Kindle that could have helped a cybercriminal take full control of the device, potentially leading to the theft of sensitive information including the Amazon device token, a unique key used to route messages and other notifications.
In February 2021, Check Point alerted Amazon to its findings, prompting the company to roll out a fix in version 5.13.5 of the Kindle’s firmware update in April 2021. The update is installed automatically on Kindle devices when they are connected to the internet.
“We have released automatic software updates to fix these issues for all Amazon Kindle models released after 2012,” an Amazon spokesperson told TechRepublic. “We appreciate the work of independent security researchers who help bring potential issues to our attention.”
To check the firmware version on your Kindle, go to Settings, select Menu, and then tap System Data. Check Point also advises Kindle users to use common sense and not open or download any e-books that look suspicious or come from untrusted sources.
Before Amazon patched the security flaws, a Kindle user could have unknowingly triggered the exploit just by opening a malicious e-book sent by the attacker, Check Point said. No other action would have been required. With the vulnerabilities exploited, an attacker could have gained remote control to delete a user’s e-books or even turn the Kindle into a malicious bot to attack other devices on the user’s network.
By using a malicious e-book, the attacker also could have targeted a specific audience. In one example cited by Yaniv Balmas, head of cyber research at Check Point Software, a cybercriminal who wanted to target Romanian residents would simply need to publish some free and popular e-books written in Romanian. The attacker would then be fairly certain that the potential victims would all be Romanian, a type of knowledge that could help them launch further malicious campaigns against these users.
“Kindle, like other IoT devices, are often thought of as innocuous and disregarded as security risks,” Balmas said. “But our research demonstrates that any electronic device, at the end of the day, is some form of computer. And as such, these IoT devices are vulnerable to the same attacks as computers. Everyone should be aware of the cyber risks in using anything connected to the computer, especially something as ubiquitous as Amazon’s Kindle.”
Editor’s note: This article has been updated with additional information and comment.