Warning: Amazon Kindle hackers can hijack your eReader, delete all your books, and take over account
AMAZON Kindles can become easy pickings for hackers who can wipe users’ books and collect privileged information by simply opening a single corrupt ebook, according to an Israeli cybersecurity company’s published report.
“Our research demonstrates that any electronic device, at the end of the day, is some form of computer,” wrote Yaniv Balmas, head of cyber research at the Israel-based cybersecurity company Check Point.
He said mobile devices are just as “vulnerable” to the same tradecraft used by black hats to attack stationary computers.
“Everyone should be aware of the cyber risks in using anything connected to the computer, especially something as ubiquitous as Amazon’s Kindle,” he wrote, according to the research published Friday for the DEF CON security conference happening in Las Vegas and first reported by Forbes.
EVIL EBOOK
Balmas described how a remote hacker can place a malicious book in the Amazon marketplace and, once it is opened, the crook can delete any of the titles stored on the device and get hold of the authentication token that permits a user to access their Amazon account.
“Equipped with these tokens the attacker would now be able to access the victim’s Amazon account and perform anything on his behalf,” Balmas added.
What’s more, the same hacker breaching the Kindle could use it as a launchpad to devise other ways to infiltrate devices connected to a network.
Balmas created a hypothetical hack by manufacturing a compromised ebook to showcase how, once it’s opened on the Kindle, he could overwrite parts of the operating system memory.
While he did that, Balmas also managed to detect another exploit where he could manipulate the root user rights, meaning he could remotely control or alter the software, according to Forbes.
TAILORED HACKS
Amazon claims to have patched the bugs and is confident that users running the most recent Kindle software are immune to the hacks Balmas and his team discovered.
The company didn’t respond to Forbes’ request for comment.
If an attacker can discern…