Israeli cybersecurity firm Check Point discovers Amazon security flaw
Israeli cybersecurity firm Check Point said it found a serious security flaw in Amazon software that left a door open for bad actors to take control of a victim’s device and steal sensitive information.
Security flaws in Amazon’s Kindle, the company’s e-reader, allegedly allowed hackers to break into a user’s device by sending them a malicious e-book, Check Point said Friday.
Check Point said it disclosed the vulnerability to Amazon in February, and the company has since addressed the security hole in a firmware update in April. The firmware is automatically installed on devices connected to the Internet.
Kindle is the world’s most popular e-reader, with tens of millions of estimated sales since the device’s launch in 2007.
Before the firmware update, hackers could have tricked victims into opening a single malicious e-book to gain full control of one of the devices.
Once the victim received the e-book and opened it, the hacker could then have proceeded with the attack through an exploit chain, that is, a way of combining a series of security vulnerabilities, to take control of a device. The victim would not have to take any further action, or see any other indication, to fall prey to the attack.
Once the hackers took control of the device, they could have gained access to sensitive user information, such as Amazon account credentials or billing information. The Kindle could also have been deployed as a malicious bot to attack other devices on the user’s local network.
The security flaw was particularly dangerous because it could have allowed bad actors to target a specific demographic, Check Point said. For example, if the attackers wanted to attack a certain population group, they could have deployed a popular and malicious e-book in the language or dialect of the group.
“If a threatening actor wanted to target Romanian citizens, it would suffice for him to publish a free and popular e-book in Romanian. From there, the threat actor could be fairly certain that all of his victims would, indeed, be Romanian,” said Yaniv Balmas, Head of Cyber Research at Check Point. “This degree of specificity in offensive attack capabilities is highly sought after in the world of cybercrime and cyberespionage.”
Kindles and other Internet of Things (IoT) devices are often overlooked as security risks, Balmas said in a statement.
“Our research shows that any electronic device, ultimately, is a form of computer. And as such, these IoT devices are vulnerable to the same attacks as computers. Everyone should be aware of the cyber risks associated with using anything connected to the computer, especially something as ubiquitous as the Amazon Kindle,” he said.
It was not clear whether hackers exploited this particular vulnerability before it was patched.
Check Point, a cybersecurity firewall maker, is one of Israel’s leading cybersecurity companies. It trades on the Nasdaq under the ticker CHKP at a market cap of $16.5 billion.
The company said last month that its revenue for the previous quarter was $526 million, beating expectations. It also reported an increase in ransomware attacks over the past year.
In June, Check Point said it discovered four vulnerabilities in the Microsoft Office software suite, including Excel and Office.