Kindle security flaw leaves Amazon account details vulnerable

  • 16 September 2014
  • 2 replies
  • 1068 views

16 Sep 2014 by Barclay Ballard
 


 
A security flaw in Amazon's Kindle software could allow hackers to access your Amazon account details.
Benjamin Daniel Mussler, a security researcher, discovered the issue, which arises when downloading e-books from websites other than Amazon itself.
 
The "Manage Your Kindle" page contains a security hole that can be exploited by attackers hiding malicious lines of code within e-books. Once the Kindle Library has been loaded with a corrupted e-book (usually with a subject containing: <script src="https://www.example.org/script.js"), the hacker can access the user's cookies and, hence, their account credentials.
 
Full Article
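
An added example, not part of the original post or the quoted article: a Python check that reads an EPUB's OPF metadata, flags any field carrying markup like the script tag quoted above, and shows the HTML-escaped form a library page should emit instead. The OPF sample, the function names and the regex are constructed for illustration; the page does not say which e-book format or parser was involved.

```python
import html
import re
import xml.etree.ElementTree as ET  # for untrusted files prefer defusedxml

DC_NS = "{http://purl.org/dc/elements/1.1/}"

# Constructed sample: OPF metadata whose title carries the script tag.
SAMPLE_OPF = """<?xml version="1.0"?>
<package xmlns="http://www.idpf.org/2007/opf" version="2.0">
  <metadata xmlns:dc="http://purl.org/dc/elements/1.1/">
    <dc:title>Notes &lt;script src="https://www.example.org/script.js"&gt;&lt;/script&gt;</dc:title>
    <dc:creator>A. Author</dc:creator>
    <dc:subject>Fiction</dc:subject>
  </metadata>
</package>"""

# Tag openers, inline event handlers, script URLs: none belong in metadata.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|\bon\w+\s*=|javascript:", re.IGNORECASE)


def read_metadata(opf_xml):
    """Return (field, text) for every Dublin Core element in the OPF."""
    root = ET.fromstring(opf_xml)
    return [(el.tag[len(DC_NS):], (el.text or "").strip())
            for el in root.iter() if el.tag.startswith(DC_NS)]


def suspicious_fields(opf_xml):
    """Metadata fields whose value looks like HTML or script, not text."""
    return [(f, t) for f, t in read_metadata(opf_xml) if MARKUP.search(t)]


def render_row(title):
    """Emit the title as text: escaping keeps it from becoming markup."""
    return '<td class="title">' + html.escape(title, quote=True) + "</td>"


if __name__ == "__main__":
    for field, value in suspicious_fields(SAMPLE_OPF):
        print("flagged", field, "->", render_row(value))
```

Flagging is a triage aid for files from untrusted sources; the escaping in render_row is the control that stops stored metadata from executing in the page.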

2 replies

Hello Webrooters!

That's so sad because a lot of students and children use these Kindles and it's ridiculous to have this vulnerability! But they need to know to only download from Amazon's trusted sites, right?

Thanks for the article, Jasper. I'll spread the word!

17 Sep, 2014 Clare Hopping
 

The flaw could have allowed hackers to access your Amazon account details

Amazon has responded to complaints about malware present on Kindle ebooks by fixing the security flaw.
Yesterday, it was revealed that some ebooks downloaded from the internet were installing malware on the ereader, meaning hackers could potentially gain access to users' Amazon accounts or personal details for identity fraud purposes.
Security researcher Benjamin Daniel Mussler uncovered the flaw and said Amazon was very much open to a cross-site scripting attack.
The issue is not thought to affect people who buy their books from Amazon, but could arise if they use an illegal download or untrustworthy ebook site.
 
Full Article
