AMAZON Kindles can become easy pickings for hackers who can wipe users’ books and collect privileged information by simply opening a single corrupt ebook, according to an Israeli cybersecurity company’s published report.
“Our research demonstrates that any electronic device, at the end of the day, is some form of computer,” wrote Yaniv Balmas, head of cyber research at the Israel-based cybersecurity company Check Point.
He said mobile devices are just as “vulnerable” to the same tradecraft used by black hats to attack stationary computers.
“Everyone should be aware of the cyber risks in using anything connected to the computer, especially something as ubiquitous as Amazon’s Kindle,” he wrote, according to the research published Friday for the DEF CON security conference happening in Las Vegas and first reported by Forbes.
Balmas described how a remote hacker can place a malicious book in the Amazon marketplace and, once it is opened, delete any of the titles stored on the device and get hold of the authentication token that permits a user to access their Amazon account.
“Equipped with these tokens the attacker would now be able to access the victim's Amazon account and perform anything on his behalf,” Balmas added.
What’s more, the same hacker breaching the Kindle could use it as a launchpad to devise other ways to infiltrate devices connected to a network.
Balmas created a hypothetical hack by manufacturing a compromised ebook to showcase how, once it’s opened on the Kindle, he could overwrite parts of the operating system memory.
While he did that, Balmas also managed to detect another exploit where he could manipulate the root user rights, meaning he could remotely control or alter the software, according to Forbes.
Amazon claims to have patched the bugs and is confident that users running the most recent Kindle software are immune to the hacks Balmas and his team discovered.
The company didn’t respond to Forbes’ request for comment.
If an attacker can discern the type of content that the user prefers, they can more easily lure the person to download a booby-trapped book.
Balmas suggested that should a person favor LGBT as a subject matter, the book could be crafted to match it.
The same goes for a Romanian reader, who would likely opt for a Romanian book.
“That degree of specificity in offensive attack capabilities is very sought after in the cybercrime and cyber espionage world,” Balmas told Forbes.
“In the wrong hands, those offensive capabilities could do some serious damage, which concerned us immensely.”
AMAZON'S SECURITY ISSUES
The e-commerce giant has experienced other security issues.
Last Christmas, fake Amazon gift cards were being passed off online as the real thing, allowing hackers to hijack your online logins.
They’ve also been on the defensive as they push the boundaries of privacy.
Last month, the company was leaning on landlords to allow it to install a system in their buildings that would let its couriers enter apartments without being buzzed in by using a master "key."
The company won approval from the Federal Communications Commission (FCC) last month to deploy a radar sensor that monitors people’s sleep.
They’ve also been named alongside Microsoft, Facebook and Google for being in hot pursuit of implementing “homomorphic encryption” on consumers.
The technique performs computation on data while it remains encrypted, which would let a service grab the gist of an idea in a message or email without actually accessing the text itself.