Kindle Flaw

CheckPoint Research (CPR) team has found a critical flaw in Amazon’s Kindle E-Book Reader that could be potentially exploited to take full control over a user’s device, resulting in the theft of sensitive information.

According to Yaniv Balmas, head of cyber research at Check Point mentions, “By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on the device, from Amazon account credentials to billing information. The security vulnerabilities allow an attacker to target a very specific audience."

These vulnerabilities were reported to Amazon in February 2021 and fixed in the 5.13.5 version of Kindle’s firmware in April 2021. The patched firmware will be installed automatically on devices connected to the Internet.

Critical Flaws With Kindle E-Book Reader

Researchers discovered a valuable heap overflow vulnerability in the JBIG2Globals decoding algorithm,

Kindle Flaw
Malformed JBIG2Globals stream

By using refinement regions, we can “refine” the data outside of the image, and get the arbitrary write primitive. As a result, researchers observed Heap overflow vulnerability tracked as (CVE-2021-30354) in the PDF rendering function, which can be leveraged to gain arbitrary write primitive.

Improper Privilege Management found in the Kindle application manager service (CVE-2021-30355) enables the threat actor to chain the two flaws to run malware-laced code as a root user.

In this case, this  RCE vulnerability was found in the context of the pdf reader process. A user downloads the PDF book to his Kindle device. When the book is opened, a malicious payload is launched.

“We got a jailbroken device, and then analyzed the services that have root rights, as well as the resources they access. Eventually, we found a logical error, or more accurately, improper privilege management, in one of the Kindle services. Great, there is no need to fuzz the device drivers”, says CheckPoint Research Team.

E-Book Function as Malware

Since the malware code is executed with root user rights, just opening such a book could have led to irretrievable damage.

The attacker could have deleted the e-books, potentially gain full access to the user’s Amazon account, could have converted your Kindle to a bot, attacked other devices in your local network, and more, researchers added.

These IoT devices are vulnerable to similar attacks as computers. Each person should be aware of the cyber risks in using anything connected to the computer, especially something as ubiquitous as Amazon’s Kindle.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.