Kindle’s E-book Vulnerability Could Have Been Exploited to Hijack a User’s Device

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

Earlier this April, Amazon patched a significant vulnerability in its Kindle e-book reader platform that could have been used to gain complete control of a user’s device and steal sensitive data simply by deploying a malicious e-book. “By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on the device, from Amazon account credentials to billing information,” Yaniv Balmas, head of cyber research at Check Point, said in an emailed statement. “The security vulnerabilities allow an attacker to target a very specific audience.”
In other words, if a threat actor wanted to target a certain group of individuals or demographic, the adversary could tailor and coordinate a highly targeted cyber-attack using a popular e-book in a language or dialect widely spoken among the group.
Threat actors might readily target speakers of a specific language, according to Balmas. To target Romanians, for example, they would only need to publish a bestselling book in that language as an e-book. Because the majority of people who download that book will almost certainly speak Romanian, a hacker may be confident that nearly all of the victims will be Romanian. 
“That degree of specificity in offensive attack capabilities is very sought after in the cybercrime and cyber-espionage world. In the wrong hands, those offensive capabilities could do some serious damage, which concerned us immensely,” Balmas said. 
Following a responsible disclosure of the problem to Amazon in February 2021, the retail and entertainment behemoth released a patch in April 202

[…]