Tag: Kindle | Page 2

Hackers have a new target: Your Kindle

August 7, 2021/in Computer Security

If you think hacks and security flaws only affect computers and smart devices, think again. Any device connected to the internet, a computer or a network is vulnerable to attack. This includes surveillance cameras, smart speakers, smart televisions, baby monitors, routers and more.

Your printer may seem like an innocuous little box that does just one basic job, but it could also be a gateway into your network. Tap or click here for tips on securing your printer.

A security flaw was recently discovered in Amazon Kindle e-readers that can give a hacker access to information stored on the device and more. We’ll give you details on the flaw and tips on securing your Kindle.

Here’s the backstory

In an email to Kim Komando, security firm Check Point Research (CPR) detailed a flaw found in Amazon Kindle e-readers that hackers can use to take control of the device.

They gain access via a malicious e-book that appears harmless to users. When opened, it triggers the exploit. From there, the hacker can cause all sorts of mischief. Note: This flaw does not apply to Fire tablets.

Once inside your device, the threat actor can steal any information stored there, including your Amazon account credentials and billing information.

CPR found that attackers using this Kindle exploit can target specific groups. For example, if a hacker wants to target Romanian citizens, he can publish a malicious e-book written in that language.

CPR sent its findings to Amazon and noted that the online retail juggernaut was “cooperative.” Following this, Amazon patched the vulnerability.

Strengthen your Kindle settings

As with IoT (internet of things) devices, it’s important to keep your Kindle updated. It should automatically download and install updates while charging and connected to Wi-Fi, but you can also update it manually. This is helpful if your Kindle is in airplane mode or you haven’t charged it or connected it to a network in a while.

Since Amazon has fixed this flaw in a recent update, you must make sure your Kindle is updated…

Source…

Warning Amazon Kindle hackers can hijack your eReader, delete all your books, and take over account

August 7, 2021/in Computer Security

AMAZON Kindles can become easy pickings for hackers who can wipe users’ books and collect privileged information by simply opening a single corrupt ebook, according to an Israeli cybersecurity company’s published report.

“Our research demonstrates that any electronic device, at the end of the day, is some form of computer,” wrote Yaniv Balmas, head of cyber research at the Israel-based cybersecurity company Check Point.

AMAZON Kindles can hacked, and wipe users’ books and collect privileged information by just opening a single malicious ebookCredit: Getty

He said mobile devices are just as “vulnerable” to the same tradecraft used by black hats to attack stationary computers.

“Everyone should be aware of the cyber risks in using anything connected to the computer, especially something as ubiquitous as Amazon’s Kindle, he wrote according to the research published Friday for DEF CON security conference happening in Las Vegas and first reported by Forbes.

EVIL EBOOK

Balmas described how a remote hacker can furnish a malicious book into the Amazon marketplace and once opened, the crook can delete any of the titles stored on the device and get a hold of the authentication token that permits a user to access their Amazon account

“Equipped with these tokens the attacker would now be able to access the victim’s Amazon account and perform anything on his behalf,” Balmas added.

What’s more, the same hacker breaching the Kindle could use it as a launchpad to devise other ways to infiltrate devices connected to a network.

Balmas created a hypothetical hack by manufacturing a compromised ebook to showcase how once it’s opened on the Kindle he could overwrite parts of the operating system memory.

While he did that, Balmas also managed to detect another exploit where he could manipulate the root user rights,” meaning he could remotely control or alter the software, according to Forbes.

TAILORED HACKS

Amazon claims to have patched the bugs and also had confidence that users running their most recent Kindle software are immune to the hacks Balmas and his team discovered.

The company didn’t respond to Forbes’ request for comment.

If an attacker can discern…

Source…

Kindle Flaw Could Have Let Hackers Take Control of Device

August 6, 2021/in Computer Security

Image for article titled Kindle Flaw Could Have Let Hackers Take Control of Your Ebook Reader and Steal Information — Photo: Sam Rutherford/Gizmodo

All connected gadgets are technically vulnerable to bad actors, but Amazon’s Kindle e-readers aren’t exactly the first device that’d pop into your head when you think of a security risk. However, researchers have found that Kindles had flaws that could’ve allowed hackers to seize control of the device—and all it would’ve require is malware masquerading as an ebook.

The flaws were discovered and disclosed by Check Point Research, a well-known security firm. The vulnerabilities were found in how the device parses ebooks, and if exploited, could enable hackers to not only control a user’s Kindle but also steal sensitive information, such as your Amazon account credentials or billing information. Attackers could also delete your entire library, or convert your Kindle into a bot that runs attacks on other devices on your local network. The only thing a potential victim would have to do is download and open an ebook containing malware.

You might think that would be unlikely, but self-published authors upload their own ebooks onto Amazon’s official Kindle Store all the time. Anyone who frequently uses an e-reader will tell you there are several ways to load non-Amazon content onto a Kindle. As for why you’d want to sidestep Amazon’s store, it’s as simple as wanting to read a title that’s not yet formatted natively for a Kindle. Or perhaps you want to sideload a title that hasn’t been translated by official sources into your language just yet. And as CPR points out, nobody expects to download a malicious ebook.

“In this case, what alarmed us the most was the degree of victim specificity that the exploitation could have occurred in. Naturally, the security vulnerabilities allow an attacker to target a very specific audience,” Yaniv Balmas, head of cyber research at Check Point Software, said in a statement. Balmas explained that bad actors could easily target speakers of a particular language. All they would have to do to target, say, Romanians, is publish a popular book in an ebook format in that language. Because most people downloading that book would likely speak Romanian, a hacker could be confident nearly all victims would be…

Source…

Amazon Kindle Hack Needs Just One Evil Ebook To Take Over Your Ereader—And Maybe Your Amazon Account Too

August 6, 2021/in Internet Security

Amazon Kindles have twice been shown vulnerable to attacks that allow remote control of the devices … [+] via an evil ebook. (Photo by Will Ireland/Future via Getty Images)

Future via Getty Images

Your Amazon Kindle and your Amazon account could be hacked by just opening a single ebook, according to research published Friday as part of the DEF CON security conference taking place in Las Vegas this week.

Once the malicious book is opened, a remote hacker could delete all books on the device and could steal the authentication token used to get into an Amazon account, according to the proof of concept attack developed by researchers at Israel-based cybersecurity company Check Point. “Equipped with these tokens the attacker would now be able to access the victims Amazon account and perform anything on his behalf,” said Yaniv Balmas, head of cyber research at Check Point. An attacker could have also used the Kindle as a launchpad for attacking other devices on a local WiFi network.

Balmas was able to create a evil ebook that took advantage of a flaw in the Kindle operating system that meant when parsing images from the book it wasn’t limiting the amount of code that could be written to the device, known as a heap overflow bug. That flaw allowed him to overwrite parts of memory. To get complete control of the Amazon device, he discovered another flaw that allowed him to grant himself root user rights.

Amazon, however, has fixed the issue and users who are running the latest Kindle software should be safe from attacks. The issues were reported to Amazon in February 2021 and fixed in the 5.13.5 version of Kindle’s firmware in April, the patched software installed automatically on internet-connected devices. Amazon hadn’t responded to a request for comment at the time of publication.

But the research brings to light questions about how much a Kindle user can trust books self-published on Amazon’s marketplace, or ebooks downloaded from any platform. It’s also the first example of a hack getting complete remote control over a Kindle with a malicious book.

“Our research demonstrates that any electronic device, at the end of the day, is some form of…

Source…

Tag Archive for: Kindle

Here’s the backstory

Your daily dose of tech smarts

Strengthen your Kindle settings

EVIL EBOOK

TAILORED HACKS