An investigation by Check Point Research has found that a security vulnerability in Amazon’s Kindle e-reader could have allowed attackers to take over devices using maliciously crafted e-books. The cyber threat intelligence firm converted an e-book into malware that could lock users out of their devices and steal personal information, including billing details.

It makes a lot of sense if you consider that simple IoT devices (remember that connected fish tank in a casino) have long been known to be attack vectors into networks, and we’ve already seen what gets in via Microsoft Word documents. The question is whether such books may also place Android phones or iPads at a similar risk.

See https://mybroadband.co.za/news/security/409164-major-amazon-kindle-security-flaw-discovered.html

#technology #malware #ebooks #vulnerabilities #virus

  • @AgreeableLandscape
    5
    3 years ago

    On today’s episode of Why the Fuck is that Executable?

    Same question as with PDFs and Word documents.

    • GadgeteerZA (OP)
      5
      3 years ago

      It’s not always directly executable code - it often exploits shortcomings with the viewer or interpreter, triggers out-of-range memory errors, etc.

      • @AgreeableLandscape
        2
        3 years ago

        The article didn’t seem to talk about the mechanism, but I think it’s probably some dynamic display or interactivity feature which executes code, like interactive PDFs or Microsoft Office macros. Hell, it could be a packaged HTML document with inline JavaScript for all I know.

        If it was a buffer exploit, I feel like that would have been mentioned.