Amazon Kindle's new old bug could expose your account credentials

Amazon Kindle logo

A security flaw in Amazon's Kindle software could allow hackers to access your Amazon account details.

Benjamin Daniel Musser, a security researcher, discovered the issue, which arises when downloading e-books from websites other than Amazon itself.

The "Manage Your Kindle" page contains a security hole that can be exploited by attackers hiding malicious lines of code within e-books. Once the Kindle Library has been loaded with a corrupted e-book (usually with a subject containing: <script src="https://www.example.org/script.js"), the hacker can access the user's cookies and, hence, their account credentials.

Detailing the problem in a blog post, Musser discovered the issue back in October 2013 and before reporting it to Amazon. The web giant did correct the security flaw initially, but it has since resurfaced following a "Manage Your Kindle" update. However, if users only download from trusted websites or Amazon itself, then the issue should be avoidable.

That being said, another Amazon-owned service, Audible, has had a security issue of its own recently. The audiobook service, which was acquired by Amazon in 2008, apparently allowed customers to use fake email addresses and credit card numbers in order to download files.

The service only checks payment details after a book has been downloaded, allowing users to renew their fake membership to receive more credits.

A spokesperson for the firm has moved to downplay the illegal transactions, claiming that purchases made with a fake card were "closed quickly" and that the company takes credit card fraud "very seriously".

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

2 Responses to Amazon Kindle's new old bug could expose your account credentials

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.