Security firm Check Point Research (CPR) has found some flaws in safety No Kindle, da Amazon, or e-reader The most famous in the world. According to the company, the analysis showed that when a malicious file disguised as an e-book is opened, the user could invade his device by hackers who use the hole to steal information.
It’s important to note from the start that, fortunately, Amazon has already been notified of the issue and has already provided a patch update. The Kindle failure will be shown live at the next edition of the DEF CON safety event in Las Vegas, USA, which started yesterday (5) and runs through Sunday (8).
publicity celebrity
Read also
According to the survey, the malicious file contained an independent series of files exploits that were triggered as soon as the user opened the item. After that, the scale of the infection was full, allowing hacker That carried the burden of viewing and transferring information stored within the Kindle, such as the so-called “Amazon Token,” an access key to user accounts on systems like Prime.
The series of vulnerabilities will be so powerful that, from Kindle, they can infect other devices connected to the same network as the device. CPR indicates that all Kindle devices are affected because the problem was system related and not hardware related.
“The vulnerabilities allowed an actor to attack a very specific demographic, which has raised CPR concerns a lot,” the company said in its official online post about the issue. “For example, if a hacker wanted to affect a particular demographic, they could simply choose a version of a popular e-book in a particular language, and organize a highly targeted cyber attack.”
In simple terms: let’s say a hacker wanted to specifically attack Brazilian users. He will only need to hide his exploits in a file that matches the Brazilian version of any file eBook. Modify the attack to Brazilian Portuguese (PT-Br), it can easily and quickly reach many people.
Yaniv Palmas, Head of Cyber Research at CPR, said: “Kindle, like other ‘internet of things’ devices, are seen as harmless and ignored as security risks. However, our research shows that any electronic device, after all, is A specific form of a personal computer. As such, these devices are vulnerable to the same attacks as a desktop or laptop computer. Everyone should be aware of the cyber risks that come from using anything connected to a computer or the Internet, especially the high risks that It can be forgotten like an Amazon Kindle.”
CPR reported the bug to Amazon in February 2021. After being tested and confirmed internally, an update was released for Kindle users in April 2021. This update is mandatory and is immediately downloaded and installed on the device that connects to the Internet.
You have seen our new videos on Youtube? Subscribe to our channel!
sign it Amazon Prime Watch popular movies and series, including award-winning Amazon Originals. NS Amazon Prime It also includes free and fast delivery of thousands of eligible items, over two million ad-free songs, and more. click over here And start the test FREE SHIPPING for 30 days!