Hackers want to steal your Amazon account… using Kindle eBooks?


13510765_s

Do you think about security when you download an eBook? Probably not. But what if that eBook could allow a hacker to gain remote access to your Amazon account and max out all of its credit cards? A Kindle vulnerability from earlier this week, which has since been patched, shows exactly how pirated eBooks could have been used to hack Amazon accounts.

Discovered by independent researcher Benjamin Daniel Mussler, the vulnerability enabled cross site scripting on the Kindle Library management web page accessed through Amazon accounts. Mussler found that the book title metadata on third party eBooks with the .mobi extension could be modified to run a malicious script, instead of displaying the book title in the Kindle Library manager. Such a script could be designed to grab everything a hacker would need to gain access to your Amazon account and make purchases in your name.

Mussler published his findings on Monday, and on Tuesday the vulnerability – which did not affect .azw Amazon eBooks – was patched.

While no longer a direct concern to Kindle users, this latest issue is a good reminder that Internet security is hardly limited to PCs or smartphones. If you are using any device to connect to the Internet, it needs to be secured.

Have a great (paper-free) day!

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

Mussler’s full report can be found here.

Senan Conrad

Senan Conrad

Senan specializes in giving readers insight into the constantly and rapidly changing world of cybersecurity. When he’s not tapping away at his keyboard, he enjoys drinking a good coffee or tinkering in his workshop.

What to read next