A flaw has been detected in Kindle devices that could allow cybercriminals to steal a user’s Amazon credentials and banking information.
The bug, known as KindleDrip, was first detected by Israeli cybersecurity firm Check Point Software who posted a report on its public research site that goes into detail how these hackers get into Kindle devices.
A hacker can access a device via an e-book or document that contains malware, and these files can be easily accessed from any virtual library or website. Once a user downloads and opens up the infected e-book, the malware takes control over the device and gains full access to a person’s Amazon account and, potentially, bank details.
Cybersecurity consulting firm Realmode Labs found another security hole in the ‘Send to Kindle’ feature. The feature allows users to send documents, e-books, and web pages to a personal Kindle device. A user could unknowingly send an e-book infected with malware to their or someone else’s device.
Realmode Labs released their own report detailing this exploit as well as provided some fixes on how to remedy this security flaw.
Check Point Research alerted Amazon of this vulnerability back in February of this year and the vulnerability was later fixed in April. Version 5.13.5 of Kindle’s firmware corrected the issue on devices and corresponding computer. The update is available on Amazon's website.
Check Point Research continues to warn that Kindle tablets and similar devices are just as vulnerable to cyberattacks as smartphones or personal computers, and tells users to be aware of the risks involved in connecting to anything that may seem suspicious.