Discovery Of An Exploit Chain Allowing Kindle E-Reader Takeover Earns $18,000 Bounty From Amazon
Yogev Bar-On, a security researcher at Realmode Labs, an Israel-based cybersecurity consulting firm, discovered an exploit chain named KindleDrip in October 2020. According to Amazon, a successful attack requires exploiting three different security flaws. The principal weakness was in the “Send to Kindle” service, which lets users send an e-book in a Kindle-compatible format to their Kindle device as an email attachment.
Amazon creates a @kindle.com email address to which a user can send e-books as attachments from a list of sender addresses the user has approved. Yogev Bar-On found that he could abuse this feature to send a specially crafted e-book that would let him execute arbitrary code on the target device.
The malicious e-book achieved code execution through a vulnerability in a library the Kindle uses to parse JPEG XR images. Exploitation required the user to tap a link inside the e-book that pointed to a malicious JPEG XR image; this opened the device’s built-in web browser and ran the attacker’s code with limited privileges.
The researcher also found a vulnerability that allowed him to escalate privileges and execute code as root, giving him full access to the device. Yogev Bar-On explained in a blog post that “The attacker could access device credentials and make purchases on the Kindle store using the victim’s credit card. Attackers could sell an e-book on the store and transfer money to their accounts. At least the confirmation email would make the victim aware of the purchase.”
It is worth noting that an attacker could not obtain actual payment card details or passwords through such an attack, since that kind of information is not stored on the device. Instead, they could obtain the unique tokens that grant access to the victim’s account. An attacker would have needed only the target’s email address and a way to persuade the victim to tap the link inside the malicious e-book. While the Send to Kindle service only accepts e-books from pre-approved email addresses, the researcher pointed out that an attacker could simply have used an email spoofing service.
In most cases, the prefix of a user’s @kindle.com address was the same as that of their regular email address. The security flaws that allowed modification of the Kindle firmware, together with the code execution and privilege escalation issues, were fixed in December with the release of firmware version 5.13.4. Amazon now also sends a verification link to sender addresses that cannot be authenticated, appends a few characters to some email aliases to make them harder to guess, and has safeguards in place to prevent brute-forcing of the addresses. Kindle users do not need to take any action.
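The three mitigations described above (an approved-sender list that is not trusted on its own when the sender cannot be authenticated, aliases that carry an unguessable suffix, and a limit on probing for valid aliases) can be illustrated with a small simulation. The following is an added example, not Amazon’s code and not from the researcher’s write-up; the header layout, the `device.example` domain, the sample addresses and the `Authentication-Results` values are all constructed for the demonstration, and the “confirm” outcome stands in for sending a confirmation link to an unauthenticated sender.

```python
"""Simulated inbound gate for an email-based "send to device" service.

Added illustration only (not Amazon's implementation). It models why an
approved-sender list alone is insufficient when the From: header can be
spoofed: delivery is automatic only when the receiving mail server recorded
a sender-authentication pass; otherwise the user gets a confirmation step.
"""
import re
import secrets
from dataclasses import dataclass


@dataclass
class Account:
    primary_email: str
    approved_senders: frozenset  # addresses the user has pre-approved


def make_alias(primary_email: str, domain: str = "device.example") -> str:
    """Build a device alias from the user's local part plus a random suffix,
    so the alias cannot be derived from the regular address alone."""
    local = primary_email.split("@", 1)[0].lower()
    suffix = secrets.token_hex(3)  # 6 hex chars, ~16.7 million values per local part
    return f"{local}_{suffix}@{domain}"


def sender_authenticated(headers: dict) -> bool:
    """True only if the MTA recorded an SPF or DKIM pass in Authentication-Results.
    The header format assumed here follows the usual 'spf=pass'/'dkim=pass' tokens;
    a real deployment would parse the header fully and check the authenticated domain."""
    results = headers.get("Authentication-Results", "")
    return re.search(r"\b(?:spf|dkim)=pass\b", results, re.IGNORECASE) is not None


def decide(account: Account, headers: dict) -> str:
    """Return 'reject', 'confirm' (send a confirmation link) or 'deliver'."""
    sender = headers.get("From", "").strip().lower()
    if sender not in {s.lower() for s in account.approved_senders}:
        return "reject"  # not on the approved list at all
    if not sender_authenticated(headers):
        return "confirm"  # approved address, but the From: header is unverified
    return "deliver"


class AliasProbeLimiter:
    """Cut off a source after too many deliveries to non-existent aliases,
    which is what guessing aliases from regular email prefixes looks like."""

    def __init__(self, max_misses: int = 5):
        self.max_misses = max_misses
        self.misses = {}

    def allow(self, source: str, alias_known: bool) -> bool:
        if self.misses.get(source, 0) >= self.max_misses:
            return False
        if not alias_known:
            self.misses[source] = self.misses.get(source, 0) + 1
        return True


# Constructed sample data for the demonstration.
SAMPLE_ACCOUNT = Account("alice@mail.example", frozenset({"alice@mail.example"}))
SPOOFED = {  # From: matches the approved list, but SPF failed at the receiving MTA
    "From": "alice@mail.example",
    "Authentication-Results": "mx.device.example; spf=fail smtp.mailfrom=mail.example",
}
GENUINE = {
    "From": "alice@mail.example",
    "Authentication-Results": "mx.device.example; dkim=pass header.d=mail.example",
}
UNKNOWN = {
    "From": "mallory@elsewhere.example",
    "Authentication-Results": "mx.device.example; dkim=pass header.d=elsewhere.example",
}


def demo() -> dict:
    return {
        "spoofed": decide(SAMPLE_ACCOUNT, SPOOFED),
        "genuine": decide(SAMPLE_ACCOUNT, GENUINE),
        "unknown": decide(SAMPLE_ACCOUNT, UNKNOWN),
    }


if __name__ == "__main__":
    print(demo())
    print(make_alias(SAMPLE_ACCOUNT.primary_email))
```

The spoofed message is the interesting case: it passes the approved-sender check, which is exactly what a spoofing service exploits, and only the authentication result pushes it to the confirmation path instead of direct delivery.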
An Amazon representative stated: “The security of our devices and services is a top priority. We have already released an automatic software update over the Internet fixing this issue for all Amazon Kindle models released after 2014. Other affected Kindle models will also receive this fix. We also have measures in place to help prevent customers from receiving content they haven’t requested. We appreciate the efforts of independent researchers who inform us about such issues.”