Amazon earlier this April addressed a critical vulnerability in its Kindle e-book reader platform that could have been exploited to take full control of a user’s device and steal sensitive information, simply by delivering a malicious e-book.
“By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on the device, from Amazon account credentials to billing information,” Yaniv Balmas, head of cyber research at Check Point, said in an emailed statement. “The security vulnerabilities allow an attacker to target a very specific audience.”
In other words, if a threat actor wanted to single out a specific group of people or demographic, it’s possible for the adversary to choose a popular e-book in a language or dialect that’s widely spoken among the group to tailor and orchestrate a highly targeted cyber attack.
Upon responsibly disclosing the issue to Amazon in February 2021, the retail and entertainment giant published a fix as part of its 5.13.5 version of Kindle firmware in April 2021.
Attacks exploiting the flaw commence by sending a malicious e-book to an intended victim, who, upon opening the book,…