A squad of researchers astatine information steadfast Check Point Research has discovered a vulnerability successful Kindle e-readers—one that could let hackers to instrumentality implicit the device, delete information and perchance summation entree to Amazon relationship information. The radical has posted an extended reappraisal of the enactment they person done to observe vulnerabilities successful the e-reader connected their web page, describing what they recovered and divulging what Amazon has done to close the problem.
E-readers are portable physics devices that let users to work downloaded text—such devices tin beryllium utilized to work PDF files oregon books formatted specifically for e-readers. They are typically precise bladed and light, with screens designed to marque substance look precise akin to printed pages. Amazon began moving connected an e-reader backmost successful 2004 and began selling its archetypal Kindle successful 2007. Since that clip the institution has produced a precise fashionable bid of Kindle devices. In this caller effort, the researchers recovered that the latest mentation of the Kindle e-reader has a vulnerability that makes it imaginable for hackers to interruption into the device by attaching codification to an e-book they had created.
The vulnerability was recovered successful the firmware and was determined to beryllium related to a heap overflow successful the portion of the firmware codification related to rendering PDF files, on with a flaw successful the codification related to escalating section privileges connected the device. A hacker, it was found, could connect codification to a publication they had written and past nonstop it to an unsuspecting victim. Upon opening the e-book, codification would motorboat that would springiness the hacker unlimited entree to the device. Such access, the researchers note, could impact not lone stealing e-books, but preventing the idiosyncratic from accessing them, oregon deleting those that had been downloaded. It could besides person allowed the hacker to entree the user's Amazon relationship information.
The squad astatine Check Point notified Amazon of the vulnerability they had recovered this past February and Amazon responded by issuing a spot this past May—thus, the vulnerability does not presently airs a menace to Kindle owners; though it does punctual them that immoderate instrumentality that connects to the Internet holds the imaginable for breaches by hackers.
© 2021 Science X Network
Citation: Vulnerability recovered successful Kindle e-reader (2021, August 9) retrieved 9 August 2021 from https://techxplore.com/news/2021-08-vulnerability-kindle-e-reader.html
This papers is taxable to copyright. Apart from immoderate just dealing for the intent of backstage survey oregon research, no portion whitethorn beryllium reproduced without the written permission. The contented is provided for accusation purposes only.