This Kindle safety threat revealed how an e-book might steal your information

When you consider gadgets that could possibly be hacked or contaminated with malware, your Kindle in all probability is not the very first thing that involves thoughts. You are extra prone to fear about your laptop computer, smartphone, or pill. Nonetheless, as one researcher found, Kindles may also be susceptible to malware — doubtlessly placing your Amazon account and private data in danger in case you’re not cautious concerning the e-books you sideload onto them.

That researcher is Valentino Ricotta, an engineering analyst at Thales, a protection and safety group (through The Times). Ricotta was in a position to create a “malicious” e-book that, when loaded onto a Kindle, exploited software program vulnerabilities and gave him full entry to the Amazon account linked to the gadget.

Ricotta relied on two separate flaws to tug this off. One was a vulnerability within the Kindle software program chargeable for scanning and extracting information from audiobooks, whereas the opposite affected the on-screen keyboard. By exploiting these vulnerabilities, he tricked the Kindle into executing hidden malicious code throughout the e-book. This allowed him to steal the Kindle’s Amazon session cookies, which might then be used to realize entry to a consumer’s Amazon account.

It is essential to notice that these safety vulnerabilities contain e-books which might be sideloaded onto a Kindle, not these bought straight from the Amazon Kindle Retailer. Many individuals obtain e-books from third-party web sites and switch them to their Kindles through USB, and, as Ricotta identified, books from these sources could possibly be contaminated with malware that may achieve entry to your Amazon account and steal private data. So the ethical of the story is, be very cautious and aware of the locations you obtain e-books from.

“As soon as an attacker will get a foothold inside a Kindle, it might entry private information, your bank card data, pivot to your native community and even to different gadgets which might be registered together with your Amazon account,” Ricotta defined to The Instances.

Amazon has already patched these Kindle safety vulnerabilities

Lately, Amazon has additionally patched a preferred Kindle jailbreak technique

After discovering safety flaws within the Kindle’s software program, Ricotta reported them to Amazon, which categorised them as “vital” and subsequently patched them. In line with The Times, Amazon awarded him $20,000 via its bug bounty program, which rewards “moral hackers” who assist convey consciousness to safety vulnerabilities. Reportedly, Ricotta and Thales donated the cash to charity.

“We recognized and glued vulnerabilities affecting Kindle E-readers and the Audible performance on these gadgets,” an Amazon spokesperson advised Good E-Reader. “All affected gadgets have obtained computerized updates addressing these points. We recognize the safety researchers who assist us preserve excessive safety requirements for our prospects.”

So in case you have been fearful about these safety flaws affecting your Kindle, fear not, as Amazon has mounted them. Nonetheless, that does not imply there aren’t different Kindle vulnerabilities on the market that might have an effect on your Kindle, so once more, simply be aware of the place and the way you get any third-party e-books on your gadget. If you happen to solely buy and obtain e-books from the official Kindle Retailer, you don’t have anything to fret about.

This is not the primary time Amazon has patched vulnerabilities on its Kindle gadgets, and it will not be the final. Earlier this yr, the corporate patched two jailbreak methods that have been gaining recognition amongst customers — WinterBreak and AdBreak — each of which allowed Kindle homeowners to free their e-readers from Amazon’s walled-garden ecosystem and obtain customized apps like KOReader and Kindle Forge.

In different Kindle-related information, Amazon recently announced that DRM-free e-books from Kindle Direct Publishing (KDP) authors will probably be downloadable in EPUB and PDF codecs subsequent yr, and the corporate additionally not too long ago launched its new Kindle Scribe Colorsoft.