Jump to content
  • Vulnerability found in Kindle e-reader

    aum

    • 470 views
    • 2 minutes
     Share


    • 470 views
    • 2 minutes

    A team of researchers at security firm Check Point Research has discovered a vulnerability in Kindle e-readers—one that could allow hackers to take over the device, delete data and potentially gain access to Amazon account information. The group has posted an extensive review of the work they have done to discover vulnerabilities in the e-reader on their web page, describing what they found and divulging what Amazon has done to correct the problem.

     

    E-readers are portable electronic devices that allow users to read downloaded text—such devices can be used to read PDF files or books formatted specifically for e-readers. They are typically very thin and light, with screens designed to make text look very similar to printed pages. Amazon began working on an e-reader back in 2004 and began selling its first Kindle in 2007. Since that time the company has produced a very popular series of Kindle devices. In this new effort, the researchers found that the latest version of the Kindle e-reader has a vulnerability that makes it possible for hackers to break into the device by attaching code to an e-book they had created.

     

    The vulnerability was found in the firmware and was determined to be related to a heap overflow in the part of the firmware code related to rendering PDF files, along with a flaw in the code related to escalating local privileges on the device. A hacker, it was found, could attach code to a book they had written and then send it to an unsuspecting victim. Upon opening the e-book, code would launch that would give the hacker unlimited access to the device. Such access, the researchers note, could involve not only stealing e-books, but preventing the user from accessing them, or deleting those that had been downloaded. It could also have allowed the hacker to access the user's Amazon account information.

     

    < Watch the video at the source page. >

     

    The team at Check Point notified Amazon of the vulnerability they had found this past February and Amazon responded by issuing a patch this past May—thus, the vulnerability does not currently pose a threat to Kindle owners; though it does remind them that any device that connects to the Internet holds the potential for breaches by hackers.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...