Check Point Research finds security vulnerabilities in Amazon Kindle



Check Point Research (CPR) found security flaws in Amazon Kindle. The vulnerabilities may have allowed a threat actor to gain complete control of a user’s Kindle, perhaps resulting in the theft of the Amazon device token or other sensitive information stored on the device. A single infected e-book on a Kindle device is all it takes to start the exploitation.

CPR will demonstrate the exploitation at this year’s DEF CON conference in Las Vegas.

E-Book as Malware

The exploitation begins with a malicious e-book sent to the victim. Once the e-book has been delivered, the victim only has to open it to start the exploit chain; no further indication or interaction from the victim is needed. CPR demonstrated that an e-book could have been used as malware against Kindle, with a variety of negative outcomes. An attacker might, for example, destroy a user’s e-books or turn the Kindle into a hostile bot that could target other devices on the user’s local network.

Targeting Demographics by Language

The security weaknesses allow a threat actor to target a very particular audience, which concerns CPR greatly. For example, a threat actor who wanted to target a certain demographic or group of individuals might easily choose a popular e-book in the appropriate language or dialect to launch a highly targeted cyber attack.

Coordinated Disclosure

CPR informed Amazon of its findings in February 2021. In April 2021, Amazon released a patch for the 5.13.5 version of the Kindle firmware upgrade. On devices that are connected to the Internet, the patched firmware is installed automatically.

“We found vulnerabilities in Kindle that would have allowed an attacker to take full control of the device. By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on the device, from Amazon account credentials to billing information. Kindle, like other IoT devices, are often thought of as innocuous and disregarded as security risks. But our research demonstrates that any electronic device, at the end of the day, is some form of computer. And as such, these IoT devices are vulnerable to the same attacks as computers. Everyone should be aware of the cyber risks in using anything connected to the computer, especially something as ubiquitous as Amazon’s Kindle,” said Yaniv Balmas, Head of Cyber Research at Check Point Software.

Yaniv added: “In this case, what alarmed us the most was the degree of victim specificity that the exploitation could have occurred in. Naturally, the security vulnerabilities allow an attacker to target a very specific audience. To use a random example, if a threat actor wanted to target Romanian citizens, all they would need to do is publish some free and popular e-book in the Romanian language. From there, the threat actor could be pretty certain that all of its victims would, indeed, be Romanian – that degree of specificity in offensive attack capabilities is very sought after in the cybercrime and cyber espionage world. In the wrong hands, those offensive capabilities could do some serious damage, which concerned us immensely. Once again, we showed that we can find these types of security vulnerabilities to make sure they are mitigated for, before the ‘real’ attackers have the opportunity to do so. Amazon was cooperative throughout our coordinated disclosure process, and we’re glad they deployed a patch for these security issues.”