Kindle bug could let attackers steal account data, turn the device into a bot, attack other devices nearby, and even erase all the books
Amazon will issue a security fix for a nasty bug that allows hackers to steal personal data from Kindle e-readers.
Amazon recently issued a security fix for its Kindle e-readers that patches a bug allowing a hacker to steal personal information from a device with the help of a maliciously crafted e-book. The security flaw was identified by researchers.
The bug that affected the e-readers could be exploited not only through e-books that users share to their devices but also through books published to the Kindle Store. Antivirus programs do not have signatures for e-books, and users do not usually expect an e-book to be malicious. Makkaveev said: “We succeeded in making a malicious book. If you were to open this book on a Kindle device, it could have caused a hidden piece of code to be executed with root rights. From this moment on, you can assume that you have lost control of your e-reader.”
Makkaveev also said that an attacker could erase the e-books on your Kindle. The attacker might also gain complete access to your Amazon account details. The device might also be converted into a bot that could attack other devices connected to the same local network, causing, as the post describes it, irreparable damage. You can read all about the researcher’s work on identifying the flaw here. Amazon had security flaws in February 2021 and issued a fix to affected Kindle devices two months later in April.