The research team at Check Point Research (CPR) found security flaws in Amazon Kindle, one of the most popular e-readers. If exploited, the flaws would have enabled a hacker to take full control of a user’s Kindle, resulting in the possible theft of the Amazon device token or other sensitive information stored on the device.
CPR said that the exploitation is triggered by deploying a single malicious e-book on a Kindle device. CPR is scheduled to demonstrate the exploitation at this year’s DEF CON conference in Las Vegas.
How does the exploitation work?
The exploitation involves sending a malicious e-book to a victim. Once the e-book is delivered, the victim simply needs to open it to start the exploit chain. No other indication or interaction is required on the part of the victim to execute the exploitation.
CPR proved that an e-book could have been used as malware against Kindle, leading to a range of consequences. For example, an attacker could delete a user’s e-books, or convert the Kindle into a malicious bot, enabling them to attack other devices in the user’s local network.
CPR disclosed its findings to Amazon in February 2021. Amazon deployed a fix in version 5.13.5 of Kindle’s firmware in April 2021. The patched firmware installs automatically on Amazon Kindle devices connected to the Internet.
In other recent Amazon news, the brand released new features for Alexa. Alexa will now be able to find COVID-19 testing and vaccination centres in India. It will also give other information such as vaccine availability and more. Amazon has partnered with India-based MapMyIndia map services to provide the details. The voice assistant will provide details regarding the nearest testing centre and the distance to it as well. Asking “Alexa, where can I get a COVID-19 test?” can get you started finding the testing centre.