One of the best Kindle features was also a security disaster waiting to happen

Since launching in 2007, Amazon’s Kindle ebooks have become a near-essential tool in the arsenal of any bookworm, holding hundreds of diff...

Since launching in 2007, Amazon’s Kindle ebooks have become a near-essential tool in the arsenal of any bookworm, holding hundreds of different titles on a single device. The problem with digitizing the reading process, however, is that not even your library is now safe from attack.

According to a report from security firm Realmode Labs, a chain of vulnerabilities present until recently in Kindle ebooks had created a situation whereby an attacker could compromise a victim’s device and account.

The exploit revolved around the popular “Send to Kindle” feature, which allows users to deliver ebooks to their devices via email, researcher Yogev Bar-on explained in a blog post. Armed with knowledge of the device address, a hacker could have delivered a malicious ebook that, when clicked on, would allow them to perform arbitrary code execution.

By this method of attack, says Bar-On, an attacker could have gained access to personal details, made purchases using the owner’s credit card and sold ebooks on the Kindle marketplace before siphoning funds into their own account.

Kindle security vulnerability

Although users might think their Kindle is low on the list of devices likely to be targeted by cybercriminals, the discovery acts as a reminder that all internet-connected technology can be exploited to steal funds and personal data.

As such, it’s important that device owners are cautious about clicking on web links from disreputable sources, unsolicited email attachments and, in this case, ebooks that appear on their devices unexpectedly.

Amazon was alerted to the Kindle vulnerabilities in October and has since issued an automatic fix for a number of models. According to Bar-On, there is no evidence the exploit was abused in the wild while it remained active.

“The security of our devices and services is a top priority. We have released an automatic software update over the internet fixing this issue for all Amazon Kindle models released after 2014. Other impacted Kindle models will also receive this fix,” said an Amazon spokesperson.

“We also have measures in place to help prevent customers from receiving content they haven’t requested. We appreciate the work of independent researchers who help bring potential issues to our attention.”

In an email exchange with TechRadar Pro, Amazon explained it has since added additional characters to device email aliases, making them far more difficult to guess. In other instances, customers will receive email notifications that require additional confirmation before an ebook is delivered to the device.

Amazon also sought to clarify that an attacker could not gain access to raw credit card details nor account passwords by the method demonstrated by researchers, because the data is not stored on-device.

Via VICE



from TechRadar - All the latest technology news https://ift.tt/2Md9FFg
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,188,Video,5,XIAOMI,13,YouTube - 9to5Google,187,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: One of the best Kindle features was also a security disaster waiting to happen
One of the best Kindle features was also a security disaster waiting to happen
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2021/01/one-of-best-kindle-features-was-also.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2021/01/one-of-best-kindle-features-was-also.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy