Israeli cybersecurity firm Check Point has uncovered serious flaws with the safety and security of the Amazon Kindle E-book readers. The flaws discovered could allow hackers to steal a user’s personal information and even assume control over the devices.
So, once again it is an Israeli firm that has come to save the world from a serious threat. Some Startup Nation startups are doing that with new medical tech, saving lives. But lives are also saved every day through updated and effective cybersecurity systems.
Check Point marked the start of the whole Startup Nation legend of our time when the company held what was really Israel’s first major high tech IPO back in the 1990s. The company made its mark with what was then a new kind of security tech – a firewall for computer systems to keep hackers out. Now Check Point is a world-leading cybersecurity firm that not only continues to offer cutting-edge tech, but also provides the public at large with up-to-date reports on the latest cyber threats. These reports are based on research performed by Check Point Research.
Everyone has heard of the Amazon Kindle. Even if you have never used one or owned one yourself, you have surely seen people using them. Their introduction to the marketplace marked what is believed to be the beginning of the end of the printed novel. Or just about any book for that matter. The devices have Wi-Fi capabilities that allow them to contact Amazon and update/download books through a user’s Amazon account. And wherever there is Wi-Fi there is a threat of attack by hackers.
So what was wrong with the Kindle?
Check Point Research (CPR) found security flaws that, if exploited, would have enabled a threat actor to take full control over a user’s Kindle, resulting in the possible theft of the Amazon device token or other sensitive information stored on the device. The exploitation is triggered by deploying a single malicious e-book on a Kindle device.
A Kindle can read many different types of e-book files and download such files from various sources, not just Amazon itself. So it is always possible that an e-book file offered on some website is actually a Trojan horse with a virus or malware inside.
An e-book is not even necessarily a whole book. It can be any kind of file, from a journal article to a PDF file, or even a Word file with a short story only one page long. Once loaded onto a device and opened by its user, the file can implant whatever malware or ransomware it has. This is the same as when someone downloads and opens an email attachment sent by an unknown source.
There is a reason why they tell you never to do that. There is a reason why most office networks the world over deny permission to download most things to their office computers. It’s the high risk of malware.
No, no one is going to hold your Kindle device for ransom, like they have done to some major companies, as was recently reported in the news. But Kindles are like tablets and are used for the Internet as well. So hackers could steal credit card information or social security numbers and so forth from a victim.
Check Point stated that they informed Amazon of the problem and that the company created a patch to fix the problem.
Yaniv Balmas, Head of Cyber Research at Check Point Software:
“We found vulnerabilities in Kindle that would have allowed an attacker to take full control of the device. By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on the device, from Amazon account credentials to billing information. Kindle, like other IoT devices, are often thought of as innocuous and disregarded as security risks. But our research demonstrates that any electronic device, at the end of the day, is some form of computer. And as such, these IoT devices are vulnerable to the same attacks as computers. Everyone should be aware of the cyber risks in using anything connected to the computer, especially something as ubiquitous as Amazon’s Kindle.”
CPR is scheduled to demonstrate the exploitation at this year’s DEF CON conference in Las Vegas.