Sharing eBook With Your Kindle Could Have Let Hackers Hijack Your Account

  • Amazon has dealt with a range of flaws in its Kindle e-reader platform that could have authorized an attacker to acquire control of victims’ devices by simply just sending them a malicious e-e book.

    Dubbed “KindleDrip,” the exploit chain will take gain of a aspect referred to as “Mail to Kindle” to send out a malware-laced doc to a Kindle gadget that, when opened, could be leveraged to remotely execute arbitrary code on the machine and make unauthorized purchases.

    “The code operates as root, and the attacker only needs to know the email tackle assigned to the victim’s system,” mentioned Yogev Bar-On, a security researcher for Readlmode Labs, in a technical write-up on Thursday.

    The first vulnerability lets a terrible actor deliver an e-guide to a Kindle, the 2nd flaw makes it possible for for remote code execution even though the e-e book is parsed, and a third issue makes it possible to escalate privileges and run the code as the “root” person.

    When connected together, these weaknesses could be abused to swipe gadget credentials and make purchases on e-guides offered by the attackers them selves on the Kindle store working with the target’s credit card.

    Amazon preset the flaws on December 10, 2020, for all Kindle products introduced just after 2014 next Bar-On’s accountable disclosure on October 17. He was also awarded $18,000 as element of the Amazon Vulnerability Research System.

    Sending a Malicious e-e-book from a Spoofed Deal with

    An essential factor of the Ship to Kindle function is that it only works when a doc is sent as an attachment to a “kindle.com” email tackle ([name]@kindle.com) from email accounts that have been earlier extra to an “Accepted Private Document E-mail Listing.”

    Or that’s how it preferably should. What Bar-On in its place discovered was that Amazon not only did not confirm the authenticity of the email sender, an e-guide that was sent from an approved-but-spoofed handle routinely appeared on the library with no indication that it was obtained from an email message.

    But pulling this off successfully demands expertise of the desired destination Kindle email deal with, a special “[name]@kindle.com” deal with that is assigned to each individual Kindle unit or application on registration. Even though, in some conditions, the name is suffixed by a random string, Bar-On argues that the entropy on most of the addresses is lower more than enough to be trivially guessed employing a brute-power strategy.

    On the other hand, when the e-guide is sent to a sufferer machine, the attack moves to the up coming stage. It exploits a buffer overflow flaw in the JPEG XR image structure library as nicely as a privilege escalation bug in a person of the root processes (“stackdumpd”) to inject arbitrary commands and run the code as root.

    Therefore when an unsuspecting person opens the e-e book and faucets on a person of the inbound links in the desk of contents, the Kindle would open an HTML page in the browser that contained a specifically-crafted JPEG XR impression and parse the graphic file to operate the attack code — thus making it possible for the adversary to steal the user’s qualifications, just take control about the machine, and pretty much obtain personalized data connected with the victim.

    Amazon has now remediated the security holes by sending people a verification connection to a pre-permitted tackle in eventualities in which a document is despatched from an unrecognized email tackle.

    Software updates on Kindle equipment are by default downloaded and mounted when linked wirelessly. Users can head to Settings → Menu → Device Information to verify if their firmware is up-to-day, and if not, manually obtain and set up the 5.13.4 update to mitigate the flaws.

    Found this report intriguing? Adhere to THN on Fb, Twitter  and LinkedIn to browse more special articles we post.