Vulnerabilities in Amazon Kindle Allowed Taking Full Control of the Device

Check Point researchers reported that in April of this year, IT giant Amazon eliminated critical vulnerabilities in the Amazon Kindle. The problems could be used to gain full control over the device, allowed them to steal the Amazon device token and other confidential data stored on it.

For a successful attack on a Kindle, just one book with malicious code is enough.

The potential attack began by sending a malicious e-book to the user’s mail. After receiving such an attachment, the victim only had to open it, and this launched the exploit. No additional user permission or action was required.

E-books could be used as Kindle malware with various consequences. For example, a hacker could delete all of the user’s e-books, as well as turn the Kindle into a bot and use it to attack other devices on the victim’s local network.experts write.

Even worse, the discovered vulnerabilities allowed attackers to target a specific category of users. For example, to hack a specific group of people or demographic group, a hacker simply had to inject malicious code into a popular e-book in the corresponding language or dialect. As a result, attacks became highly targeted.

The root of the problem lay in the structure of the parsing framework, namely the implementation associated with PDF documents. The attacks were possible thanks to a heap overflow associated with the PDF rendering feature (CVE-2021-30354), which allowed arbitrary write permissions on the device, and a local privilege escalation vulnerability in the Kindle App Manager service (CVE-2021-30355), which allowed combine two vulnerabilities into a chain to run malicious code with root privileges.

The researchers reported their findings to Amazon in February 2021, and already the April update of the Kindle firmware to version 5.13.5 contained a patch (the firmware is automatically installed on devices connected to the network).

We found vulnerabilities in the Kindle, and if hackers took advantage of them, they could take full control of the device. By sending an e-book with a malicious code to a Kindle user, a cybercriminal would be able to steal any information from the reader, from Amazon account details to payment information. Like other smart devices, the Kindle is often perceived as a harmless gadget that is not subject to security risks. However, our research shows that any device with network connectivity is, in fact, not much different from a computer. IoT devices are susceptible to the same types of attacks as smartphones. Any device connected to a PC, especially the popular Kindle, presents a cybersecurity risk, and users should be aware of this.said Yaniv Balmas, head of cybersecurity research at Check Point Software Technologies.

Let me remind you that Researcher Found Three Bugs Allowing Hacking Amazon Kindle also this February.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *