Posts

Amazon mulls monitoring workers’ keyboard to prevent security threats

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


Amazon expressed its concerns that as more employees work remotely because of the pandemic, company data becomes more vulnerable to cases when outsiders, rogues, or imposters steal data from an employee’s unlocked computer.

To put a patch on such vulnerabilities, Amazon is planning to tap BehavioSoc to licence tools that could monitor their workers’ behavioural biometrics, reported Engadget.

According to BehavioSoc, a pioneer in this kind of software, behavioural biometrics is the way a user uses their devices and apps, “such as mouse movements, typing rhythm, touch and swipe gestures or how they hold their device.”

“In contrast to physical biometrics like a fingerprint, behavioural biometrics provides continuous authentication to verify digital identities by passively monitoring of behavioural inputs without negatively impacting their experience,” said BehavioSoc in its Privacy FAQs page.

According to Amazon, it looked at other employee monitoring solutions but ended up relying on “privacy-aware” models like BehavioSoc, which collects anonymous keyboard data.

Source…

Amazon Fixes Flaw on Kindle That Could’ve Allowed Hackers Steal Billing Data



Amazon was informed about the flaw back in April.


A report notes that the Amazon Kindle e-reader could’ve been vulnerable to hacking through free e-books. Additionally, Kindle exploitation could be an easy operation for hackers to target specific audiences.

  • News18.com
  • Last Updated: August 10, 2021, 11:21 IST

Amazon Kindle remains a popular choice for e-book readers, but its popularity also opens doors for security risks. That’s exactly what security research firm Check Point demonstrated in its latest report, which notes that the Kindle e-reader could’ve been vulnerable to hacking through free e-books. The company states that a malicious book can be published and made available for free on e-libraries, including the Kindle Store, via the “self-publishing” service. These books can often reach end-users directly from the hacker in the guise of services from Amazon. If successfully installed, malware-laden e-books can expose information, billing accounts, and so on. Even stolen email IDs can pave the way for sophisticated phishing attacks.

Check Point further claims that antivirus products do not have signatures for e-books, which essentially means these applications may not detect the malware. The company adds that it successfully uploaded the malware to highlight the vulnerability. In a release, it said that Kindle exploitation could be an easy operation for hackers to target specific audiences. This was possible by targeting books popular in a particular region. “To use a random example, if a threat actor wanted to target Romanian citizens, all they would need to do is publish some free and popular e-book in the Romanian language.” Speaking further about the possibility of a breach, the company notes that understanding Kindle’s architecture, which uses Linux code at its core, helped them successfully hack their own e-reader.

Check Point demonstrated to Amazon back in February how an e-book could function as malware, and the issue is seemingly patched. Amazon addressed the vulnerability via OTA update version 5.13.5 in April 2021. To check the version manually, go to Home > Select Menu > Settings. You will see the current software version at the bottom of the screen. To manually update, using a…

Source…

Hackers might exploit bug in Amazon Kindle, company issues fix



New Delhi: A team of cyber-security researchers has discovered security flaws in popular e-reading device Amazon Kindle that might have led hackers to take full control of a Kindle device, opening a path to stealing information stored.
By tricking victims into opening a malicious e-book, a threat actor could have leveraged the flaws to target specific demographics and take full control of a Kindle device, according to a Check Point Research (CPR) team.

The researchers disclosed their findings to Amazon and the company deployed a fix via a Kindle firmware update in April this year. The patched firmware installs automatically on devices connected to the Internet.
“By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on the device, from Amazon account credentials to billing information,” said Yaniv Balmas, Head of Cyber Research at Check Point Software.
Kindles, like other IoT devices, are often thought of as innocuous and disregarded as security risks.
“But our research demonstrates that any electronic device, at the end of the day, is some form of computer. And as such, these IoT devices are vulnerable to the same attacks as computers,” he added.
The exploitation involves sending a malicious e-book to a victim.
Once the e-book is delivered, the victim simply needs to open it to start the exploit chain.
No other indication or interactions are required on behalf of the victim to execute the exploitation.
The team proved that an e-book could have been used as malware against Kindle, leading to a range of consequences.
For example, an attacker could delete a user’s e-books, or convert the Kindle into a malicious bot, enabling them to attack other devices in the user’s local network.
“Amazon was cooperative throughout our coordinated disclosure process, and we’re glad they deployed a patch for these security issues,” the CPR team noted.
 

Source…