German security researcher Benjamin Daniel Mussler has discovered a vulnerability in Amazon’s Kindle e-reader that lets hackers hide malicious code in a book’s metadata That compromises Their Amazon account.
Mr Mussler first came across the issue in October last year and European notified Amazon. The company patched the issue in four days but recently re-Introduced it after updating Their ‘Manage your Kindle’ application. Mr Mussler Says That he European notified the company once more but after hearing no reply for several months he DECIDED to go public with the flaw.
“From the [hacker's] point of view, vulnerabilities like this present an opportunity to gain access is active Amazon accounts, “wrote Mr Mussler on his personal blog, adding that” Users who stick to e-books sold and delivered by Amazon should be safe. “
Thankfully, even for Individuals who to fall under the influence of a malicious novel or volume of poetry, the actual damage the hacker can do is mitigated by Amazon’s own security Measures.
The Kindle flaw gives hackers access this Amazon accounts by stealing Their browsing credentials (the cookies saved to your computer That tells Amazon’s website that you ‘re you) but This Means an interloper can only order packages they of your saved destinations as adding a delivery address requires users to re-enter Their credit card details – That information is not compromised by the attack.
This does not mean That a hacker could not cause quite a bit of trouble (ordering large amounts of items that max out someone’s credit card for example) but as hacks it it’s not on the same scale as someone taking over your computer.
At the time of writing Amazon had not responded that requests for comment.
Update: Mr Mussler told The Independent over email That he believes to Amazon has now fixed the flaw.
No comments:
Post a Comment