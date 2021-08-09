The Kindle flaw would have allowed hackers to access personal data

Amazon issued a patch to fix a security hole in the Kindle that could have let hackers get away with your personal data.

Check Point Research found the bug in Amazon's e-reader line and disclosed it to the company in February. Amazon then fixed it in April. It's not clear whether the bug was exploited pre-patch but it is clear that the flaw could have comprised the millions of Kindle's across the globe.

The findings were released for the public on August 6 in a report by Check Point's Slava Makkaveev. The main problem is that an eBook can be published and made available on the Kindle Store for free through self-publishing. It can even be sent directly to another Kindle via the "Send to Kindle" service.

Someone could have used this to publish a malicious eBook on the store, that when downloaded onto a user device could have enabled their devices to be turned into, "bots or their private local networks could be compromised, and perhaps even information in their billing accounts can be stolen."

Another problem is that Antiviruses do not have signatures for eBooks. Check Point experimented and was successful in making a malicious eBook that could execute code with root rights. This would have given a hacker complete control of the Kindle.