Check Point researchers today (Friday) revealed serious security vulnerabilities discovered in one of Amazon’s flagship products, the Kindle, the world’s most popular reading platform. The research is being presented at the DEF CON conference in Las Vegas, considered one of the most important conferences in the world of information security, and shows that the vulnerabilities allowed attackers to take full control of a Kindle and to steal the keys to the victims’ Amazon accounts.
Amazon has corrected the vulnerabilities following joint work between Check Point and the company’s security department. They were triggered by clicking on an e-book that carried malware. Victims who clicked on the e-book, the usual way of opening a book on a Kindle, could not see what was happening “behind the scenes” or that the device was being taken over. In effect, a single e-book could have been enough for attackers to take over the device and reach the victims’ own Amazon accounts.
As mentioned, the weakness stemmed from a flaw in the Kindle’s memory handling while it processed the e-book before displaying it to the user. Exploiting this flaw made it possible to bypass the device’s security mechanisms and run code remotely, giving full control over the device and the information stored on it.
Itai Cohen, a senior researcher at Check Point, explained that “Kindles, like other IoT (Internet of Things) products, are unfairly considered to be products that do not require a high level of security. However, such research presents the dangers that exist in them. Any electronic device that is connected to the network, and contains information, is a potential target of cyber attacks.”
“Effective cyber-attacks target specific targets, and in this case the ability to produce an e-book that will attract the target’s attention would easily have led to the download of the book to the Kindle, and with it the damage that takes over the device and information,” he said. “This would have led to the launch of the attack. We are pleased that Amazon soon understood the severity of the vulnerability and worked with us to correct it automatically.”
Amazon’s fix (5.13.5) is installed automatically on Kindles all over the world, and users do not need to do anything to protect themselves from the vulnerability.