Kindle Flaw Could Have Let Hackers Take Control of Device



All connected gadgets are technically vulnerable to bad actors, but Amazon’s Kindle e-readers aren’t exactly the first device that’d pop into your head when you think of a security risk. However, researchers have found that Kindles had flaws that could’ve allowed hackers to seize control of the device—and all it would’ve required is malware masquerading as an ebook.

The flaws were discovered and disclosed by Check Point Research, a well-known security firm. The vulnerabilities were found in how the device parses ebooks, and if exploited, could enable hackers to not only control a user’s Kindle but also steal sensitive information, such as your Amazon account credentials or billing information. Attackers could also delete your entire library, or convert your Kindle into a bot that runs attacks on other devices on your local network. The only thing a potential victim would have to do is download and open an ebook containing malware.

You might think that would be unlikely, but self-published authors upload their own ebooks onto Amazon’s official Kindle Store all the time. Anyone who frequently uses an e-reader will tell you there are several ways to load non-Amazon content onto a Kindle. As for why you’d want to sidestep Amazon’s store, it’s as simple as wanting to read a title that’s not yet formatted natively for a Kindle. Or perhaps you want to sideload a title that hasn’t been translated by official sources into your language just yet. And as CPR points out, nobody expects to download a malicious ebook.

“In this case, what alarmed us the most was the degree of victim specificity that the exploitation could have occurred in. Naturally, the security vulnerabilities allow an attacker to target a very specific audience,” Yaniv Balmas, head of cyber research at Check Point Software, said in a statement. Balmas explained that bad actors could easily target speakers of a particular language. All they would have to do to target, say, Romanians, is publish a popular book in an ebook format in that language. Because most people downloading that book would likely speak Romanian, a hacker could be confident nearly all victims would be…