8/27/2023

Amazon Kindle store hacked

A security flaw in Amazon’s Kindle e-reader made it vulnerable to malicious eBooks, opening the door to turning the devices into bots, compromising personal information and more. That’s according to Check Point researcher Slava Makkaveev, who released the findings Friday.

Check Point disclosed the bug to Amazon in February, and it was fixed in April; Amazon released patched firmware to be automatically installed on every Kindle connected to the internet. It’s unclear if the bug was exploited prior to the patch, but crisis appears to have been averted: Any serious attack could have affected tens of millions of Kindle users across the globe.

The Check Point research demonstrates how easily an eBook can be used to deliver malware.

“Antivirus do not have signatures for eBooks,” Makkaveev wrote in. “A malicious eBook can be published and made available for free access in any virtual library, including the Kindle Store, via the ‘self-publishing’ service, or sent directly to the end-user device via the Amazon ‘send to Kindle’ service.”

Anatomy of a Malicious EBook

The Check Point team was able to create a proof-of-concept malicious eBook that, once it was opened on a Kindle, would have executed a hidden code with root rights, the report explained.

“From this moment on, you can assume that you have lost control of your e-reader,” Makkaveev warned.

If a victim clicked on the malicious eBook, it connected to a remote server and locked the user’s screen, Check Point explained. The malware developed by Check Point then gained root access, giving the attacker total control of the Kindle, including access to the user’s Amazon account, cookies and the device’s private keys.

Worse yet, the Kindle bug allowed threat actors to target victims by specific regions, languages and more.

“In this case, what alarmed us the most was the degree of victim specificity that the exploitation could have,” Yaniv Balmas, head of cyber-research at Check Point, said.

Balmas offered the example of a threat actor interested in targeting Romanians: Simply re-printing a popular title translated into Romanian would be an easy way to gain access to victims.

“That degree of specificity in offensive attack capabilities is very sought-after in the cybercrime and cyber-espionage world,” Balmas told Threatpost. “In the wrong hands, those offensive capabilities could do some serious damage, which concerned us immensely.”

Earlier this year, Amazon paid threat-hunter Yogev Bar-On $18,000 as part of its bug-bounty program, for discovering KindleDrip.