The bug called KindleDrip allows hackers to take control of your device to steal bank details and make purchases on your behalf. What did Amazon do about it?
Nothing escapes hackers, and now their new data-stealing tactic is hiding in your e-book reader. The Israeli company Check Point Software, which specializes in cybersecurity, detected a flaw in Amazon’s Kindle devices that was activated with a malicious ebook.
Cybercriminals found a way to attack Kindle readers using their own features. With this they can take control of the device, delete the user’s ebook library, make purchases or turn Kindle into a malicious ‘bot’, which would allow it to attack other devices on the user’s local network, reports EuropaPress. However, the real danger is that it can steal the user’s Amazon credentials and bank details.
Although Kindle devices are often considered “safe”, they also pose risks to the user’s online security.
“These security vulnerabilities allow targeting a very specific audience,” said Eusebio Nieva, Technical Director of Check Point Software for Spain and Portugal. “To use a random example, if a cybercriminal wanted to target Romanian citizens, all they would have to do is publish some free and popular e-book in the Romanian language.”
How does the virus that hacks Kindle work?
Amazon Kindle has an important feature called ‘Send to Kindle’, which allows you to send documents, web pages and books to your Kindle device with just one button. This tool has an extension for Google Chrome, which allows us to send a web page and read it more calmly on the Kindle. This feature turned out to be a security hole, Realmode Labs discovered.
Another way that hackers access the Kindle system is through an ebook or document that contains malware, which can be obtained in any virtual library and can even come for free as a gift.
When the user downloads and opens the document, the malware executes code to take control of the device and perform all the actions that the owner can do, including making unauthorized purchases and the possibility of stealing their bank details.
One detail that makes it more dangerous is that it is hidden among the titles of the Kindle Store itself, where any user can self-publish their material without intermediaries such as publishing companies. The company explained that hackers took advantage of this feature to infect multiple Kindle devices.
What did Amazon do to protect Kindle users?
Although today it is news again, this vulnerability called KindleDrip is not exactly new. Check Point Research alerted Amazon to this issue last February, hoping the company would correct it, and it did.
To fix the bug, in April Kindle automatically installed a firmware update on devices. Version 5.13.5 includes the patch that corrects this vulnerability and was downloaded to devices connected to the internet, although if the user does not have the Kindle connected to a constant WiFi signal, the update may not have been activated.