An investigation by Check Point Research has found that a security vulnerability in Amazon’s Kindle e-reader could have allowed attackers to take over devices using maliciously crafted e-books. The cyber threat intelligence firm converted an e-book into malware that could lock users out of their devices and steal personal information, including billing details.

It makes a lot of sense if you consider that simple IoT devices (remember that connected fish tank in a casino) have long been known to be attack vectors into networks, and we’ve already seen what gets in via Microsoft Word documents. The question is whether such books may also place Android phones or iPads at a similar risk.

See https://mybroadband.co.za/news/security/409164-major-amazon-kindle-security-flaw-discovered.html

#technology #malware #ebooks #vulnerabilities #virus

  • @AgreeableLandscape
    3 years ago

    The article didn’t seem to talk about the mechanism, but I think it’s probably some dynamic display or interactivity feature which executes code, like interactive PDFs or Microsoft Office macros. Hell, it could be a packaged HTML document with inline JavaScript for all I know.

    If it was a buffer exploit, I feel like that would have been mentioned.