Amazon Kindle Vulnerable to Malicious EBooks - silversurfer - 07 August 21
Quote:A security flaw in Amazon’s Kindle e-reader made it vulnerable to malicious eBooks, opening the door to turning the devices into bots, compromising personal information and more.
That’s according to Check Point researcher Slava Makkaeveev, who released the findings Friday. Check Point disclosed the bug to Amazon in February, and it was fixed in April; Amazon released patched firmware to be automatically installed on every Kindle connected to the internet. It’s unclear if the bug was exploited prior to the patch, but crisis appears to have been averted: Any serious attack could have affected tens of millions of Kindle users across the globe.
The Check Point research demonstrates how easily an eBook can be used to deliver malware. “Antivirus [protections] do not have signatures for eBooks,” Makkaeveev wrote in . “A malicious eBook can be published and made available for free access in any virtual library, including the Kindle Store, via the ‘self-publishing’ service, or sent directly to the end-user device via the Amazon ‘send to Kindle’ service.”
The Check Point team was able to create a proof-of-concept malicious eBook that, once it was opened on a Kindle, would have executed a hidden code with root rights, the report explained.
Read more: Amazon Kindle Vulnerable to Malicious EBooks
|