Check Point Research has found numerous security holes in the Amazon Kindle. Cybercriminals could have taken full control of a device simply by tricking victims with a malicious e-book. The damage would have been enormous, ranging from total control of the device to the theft of sensitive data.
The flaws in the Amazon Kindle security system
Check Point Research (CPR), the Threat Intelligence division of Check Point Software Technologies Ltd., has highlighted significant security holes in Amazon Kindle devices. Sending a malicious e-book to the selected victim would have been enough to cause enormous damage: once the e-book is delivered, the victim only needs to open it to start the attack. CPR has shown that more than one e-book could have been used as malware against the Kindle, leading to a number of serious consequences. For example, an attacker could delete a user’s e-books.
The more serious consequences include converting the Kindle into a bot, allowing it to attack other devices on the user’s local network. In this scenario, the personal data of every connected user would be in danger. These flaws would also have been very valuable to cybercriminals, who could, for example, have targeted a specific group of people. Selecting a popular e-book in a particular language would have been enough to orchestrate a well-targeted, large-scale cyber attack.
Amazon’s firmware fix
CPR disclosed its findings to Amazon as early as February 2021. This led to the release of a fix in version 5.13.5 of the Kindle firmware in April 2021. The patched firmware installs automatically on devices connected to the Internet, preventing the scenarios described above.
“We found vulnerabilities in Kindle that would have allowed a hacker to take full control of the device,” said Yaniv Balmas, Head of Cyber Research at Check Point Software Technologies. “By sending Kindle users a simple malicious e-book, a hacker could have stolen any information stored on the device, from Amazon account credentials to billing information. Kindles, like other IoT devices, are often considered harmless and underestimated from a security standpoint. But our research shows that any electronic device is a kind of computer. And as such, these IoT devices are vulnerable to the same attacks. Everyone should be aware of the cyber risks of using anything connected to a computer, especially something we use every day.”
Balmas mentioned the risks of IoT devices; for this reason we recommend this article on defending your smart home from malicious people. The director of CPR also highlighted how Amazon has been extremely collaborative and has definitively solved the problem:
“Amazon has been cooperative throughout our sharing process, and we are delighted that they have released a patch for these security issues.”