The Kindle is not immune to cyberattacks, according to security researcher Yogev Bar-On. He recently posted a video on YouTube in which he draws attention to several security vulnerabilities in the Amazon e-reader. Bar-On exploited the “Send to Kindle” sharing option to hack the device.
Using this feature, he was able to send a malicious e-book to the Kindle he targeted. The attack was not difficult to set up: as his video shows, all that is needed is the victim's email address. When the victim opens the file, they are exposed to arbitrary code execution on their Kindle. Without knowing it, the victim gives the attacker free access to their account.
This attack has been dubbed “Kindle Drip.”
Kindle, a vulnerable device?
In his video, Yogev Bar-On highlights the vulnerabilities of the Kindle. In total, he listed three. The first is the one that allowed him to easily send a malicious e-book to the e-reader. The second made it easier to execute arbitrary code remotely. The third flaw, meanwhile, gave him control of the victim's device.
All of these vulnerabilities can be used by attackers for unscrupulous purposes. For example, they can use the target's account and credit card to boost sales of their own e-books. Yogev Bar-On's video has not gone unnoticed by Amazon.
Security flaws corrected by Amazon
Jeff Bezos' firm has much to thank Yogev Bar-On for. Without him, it might never have known about these vulnerabilities. On December 10, 2020, Amazon corrected all the flaws he pointed out in Kindles released after 2014.
For his part, the security researcher was graciously rewarded by Amazon as part of its vulnerability research program. According to The Hacker News, Yogev Bar-On received $18,000 for his work. Amazon now sends a verification link to users to protect them from receiving malicious data.
If you're a Kindle fan, now you can sleep soundly.