Connect with us

Hi, what are you looking for?

Jewish Business News

Cyber, Security

Check Point Research Finds Major Security Flaws in Amazon Kindle

Israeli cybersecurity firm Check Point has uncovered serious flaws with the safety and security of the Amazon Kindle E-book readers. The flaws discovered could allow hackers to steal a user’s personal information and even assume control over the devices.

So, once again it is an Israeli firm that has come to save the world from a serious threat. Some Startup Nation startups are doing that with new medical tech, saving lives. But lives are also saved every day through updated and effective cybersecurity systems.

Check Point marked the start of the whole Startup Nation legend of our time story when the company held what was really Israel’s first major high tech IPO back in the 1990s. The company made its mark with what was then a new kind of security tech – a firewall for computer systems to keep hackers out. Now Check Point is a world leading cybersecurity firm that not only continues to offer cutting edge tech, but also provides the public at large with up to date reports on the latest cyber threats. These reports are based on research performed by Check Point Research.

Everyone has heard of the Amazon kindle. Even if you have never used one or owned one yourself, you have surely seen people using them. Their introduction to the marketplace marked what is believed to be the beginning of the end of the printed novel. Or just about any book for that matter. The devices have Wi-Fi capabilities that allow them to contact Amazon and update/download books through a user’s Amazon account. And wherever there is Wi-Fi there is a threat of attack by hackers.

So what was wrong with the Kindle?

Check Point Research (CPR) found security flaws that, if exploited, would have enabled a threat actor to take full control over a user’s Kindle, resulting in the possible theft of Amazon device token, or other sensitive information stored on the device. The exploitation is triggered by deploying a single malicious e-book on a Kindle device.

A Kindle can read many different types of E book files and download such files from various sources, not just Amazon itself. So it is always possible that an E book file offered on some website is actually a Trojan horse with a virus or malware inside.

An E book is not even necessarily a whole book. It can be any kind of file from a journal article, to a PDF file, or even a Word file with a short story only one page long. Once loaded onto a device and opened by its user, the file can implant whatever malware or ransomware it has. This is the same as when some downloads and opens an email attachment sent by an unknown source.

There is a reason why they tell you never to do that. There is a reason why most office networks the world over deny permission to download most things to their office computers. It’s the high risk of malware.

No, no one is going to hold your Kindle device for ransom, like they have done some major companies as was recently reported in the news. But Kindles are like tablets and are used for the Internet as well. So hackers could steal credit card information or social security numbers and so forth from a victim.

Check Point stated that they informed Amazon of the problem and that the company created a patch to fix the problem.

Yaniv Balmas, Head of Cyber Research at Check Point Software:

“We found vulnerabilities in Kindle that would have allowed an attacker to take full control of the device. By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on the device, from Amazon account credentials to billing information. Kindle, like other IoT devices, are often thought of as innocuous and disregarded as security risks. But our research demonstrates that any electronic device, at the end of the day, is some form of computer. And as such, these IoT devices are vulnerable to the same attacks as computers. Everyone should be aware of the cyber risks in using anything connected to the computer, especially something as ubiquitous as Amazon’s Kindle.”

CPR is scheduled to demonstrate the exploitation at this year’s DEF CON conference in Las Vegas.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Newsletter

Advertisement

You May Also Like

World News

In the 15th Nov 2015 edition of Israel’s good news, the highlights include:   ·         A new Israeli treatment brings hope to relapsed leukemia...

empty

The contract signed between the Israeli government and Pfizer shows clearly and unequivocally that this is a clinical study on humans - The agreement...

Business

Now Platika joins and elite club of $10 billion plus Israeli firms.

Travel

After two decades without a rating system in Israel, at the end of 2012 an international tender for hotel rating was published.  Invited to place bids...

Advertisement