German security researcher Benjamin Daniel Mussler has discovered a vulnerability in Amazon’s Kindle e-reader thatlets hackers hide malicious code in a book’s metadata That Compromises Their Amazon account.
Mr. Mussler first came across the issue in October last year and Notified Amazon. The company patched the problem in four days but recently re-introduced it after updating Their ‘Manage your Kindle’ application. Mr. Mussler Says That HE Notified the company once more but after hearing no reply for Several months HE DECIDED to go public with the flaw.
“From the [hacker's] point of view, vulnerabilities like this presented an opportunity to gain access to Active Amazon accounts, “wrote Mr. Mussler on his personal blog, Adding that” Users who stick to e-books sold and delivered by Amazon Should be safe. “
Thankfully, even for individuals who do cases under the influence of a malicious novel or volume of poetry, the actual damage the hacker can do is mitigated by Amazon’s own security measures.
The Kindle flaw gives hackers access to Amazon accounts by stealing Their Browsing credentials (The cookie saved by yourcomputer That tells Amazon’s website That you’re you) but this means an interloper can only order packages to one of your saved destinations as Adding a delivery address requires users to re-enter Their credit card details – informationthat is not compromised by the attack.
This does not mean That a hacker could not cause quite a bit of trouble (Ordering Large Amounts of items to max out someone’s credit card for example) but as hacks go it’s not on the same scale as someone taking over your computer.
At the time of writing Amazon had not responded to requests for comment.
Update: Mr. Mussler Told The Independent of the emailthat he believes Amazon has now fixed the flaw.
No comments:
Post a Comment