Amazon Kindle e-readers have been sold since 2007.
Since then, tens of millions of e-readers have been sold by Amazon. But, unfortunately, popularity also draws the attention of hackers. This is the first time such an attack has been publicized.
On 6th August 2021, findings of a security flaw in Amazon’s Kindle e-reader were disclosed by Slava Makkaveev, a researcher from Check Point. A compromised device could allow attackers to gain root access and steal money and data.
Luckily, according to their blog post, Amazon has released fixes for those flaws, and they are installed automatically once the device is connected to the internet.
“The issues we found were reported to Amazon in February 2021 and fixed in the 5.13.5 version of Kindle’s firmware in April 2021. The patched firmware will be installed automatically on devices connected to the Internet.”
Check your device now to see if it is running firmware version 5.13.5 or above.
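One way to run that check across several devices, as an added example that is not from the original article, Check Point or Amazon. It assumes the firmware string reads like `Kindle 5.13.5 (build)`; the device names and build numbers are constructed. Versions are compared as integer tuples because a plain string comparison would rank 5.9.7 above 5.13.5.

```python
import re

# Fixed release named in the Check Point statement quoted above.
PATCHED = (5, 13, 5)

# Assumed format of the firmware string shown in a Kindle's device info,
# e.g. "Kindle 5.13.4 (3682380009)". Three or four dotted parts are accepted.
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?\b")


def parse_firmware(text):
    """Return the firmware version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups() if p) if m else None


def is_patched(text):
    """True/False for a parsable version, None when it cannot be determined."""
    version = parse_firmware(text)
    if version is None:
        return None
    # Pad with zeros so a four-part version compares correctly with 5.13.5.
    width = max(len(version), len(PATCHED))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) >= pad(PATCHED)


def audit(inventory):
    """Map each device label to 'patched', 'VULNERABLE' or 'unknown'."""
    labels = {True: "patched", False: "VULNERABLE", None: "unknown"}
    return {name: labels[is_patched(fw)] for name, fw in inventory.items()}


# Constructed inventory: labels, versions and build numbers are illustrative.
SAMPLE = {
    "paperwhite-livingroom": "Kindle 5.13.5 (3729500078)",
    "oasis-office": "Kindle 5.13.4 (3682380009)",
    "basic-kids": "Kindle 5.9.7 (3416100023)",  # "5.9.7" > "5.13.5" as strings
    "voyage-travel": "Kindle 5.14.1",
    "unknown-spare": "firmware not recorded",
}

if __name__ == "__main__":
    for device, status in audit(SAMPLE).items():
        print(f"{device:24} {status}")
```

A device reported as `unknown` should be treated as unpatched until its firmware version has been read from the device itself.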
Although we share and download ebooks often, and there are billions of ebooks available online, there are no antivirus signatures for ebooks (except PDF). As a result, unless you use a computer to transfer ebooks, there is no way your anti-malware software would alert you.
Additionally, e-reader users (myself included) buy and read ebooks directly from Kindle. Hackers know that, too. Therefore, they find that the most direct method to deliver exploits to the device is via ebook files.
The foolproof way to remotely approach a user’s Kindle is through a specially crafted ebook.
A malicious ebook file can be published and made available for free download in any virtual library, including the Kindle Store (by using the “self-publishing service”). Or, it can be sent directly to the targeted device via the “Send to Kindle” service.
Check Point disclosed the findings in their recent blog post.
But, more than that, they also created a proof-of-concept malware to demonstrate how easy such an attack can be.
The article explained that once the malicious ebook file was opened on a Kindle, it would execute hidden code with root rights. From that moment, the user would lose control of the device, even while it was in their hands.
The malware developed by Check Point then gained root access, giving the attacker complete control of the e-reader, including access to the user’s Amazon account, cookies, and the device’s private keys.
If a victim clicked on the malicious eBook (demonstrated in the video), it connected to a remote server and locked the user’s screen. Users can then only force power off the device and put it offline. If you confirm the device is out of control, you can try the force factory reset procedure to secure the device.
More alarming to us is that a bit of tweaking could make the attack more successful.
In the report, the Check Point team offered an example of targeting Romanians. What they did was to find a popular title from Amazon and translate it into Romanian.
Re-publishing a popular ebook in another language could give attackers unlimited samples to deliver their malicious code.
Furthermore, as discussed above, with multiple “free” ebooks on hand, adversaries would share the file in various public virtual libraries or send it out through phishing.
E-readers, like Kindle, are often overlooked. We only do specific things on those devices and thus do not think much about them when they are on.
However, attackers can deliver customized malware in an ebook format to your device with a bit of social engineering.
As the malware code is executed with root user permission, simply opening such an ebook could have led to irreversible damage. The attacker could:
The findings once again tell us that all devices are vulnerable.
We need to pay more attention to everything that has internet access. Without a proper safeguard, we do not have a good way to verify whether a file is clean.
As a result, the best we can do is maintain good cyber hygiene to protect ourselves from these and other kinds of cyberattacks. For example, devices like e-readers should be kept offline when necessary. Also, opening ebooks only from trusted sources is essential.
Thank you for reading. May InfoSec be with you🖖.
This article was also published behind a paywall here.