Amazon fixes security flaw in Kindle ebooks
The flaw could have allowed hackers to access your Amazon account details
Amazon has responded to complaints about malware present on Kindle ebooks by fixing the security flaw.
Yesterday, it was revealed that some ebooks downloaded from the internet were installing malware on the ereader, meaning hackers could potentially gain access to users' Amazon accounts or personal details for identity fraud purposes.
Security researcher Benjamin Daniel Mussler uncovered the flaw and said Amazon was very much open to a cross-site scripting attack.
The issue is not thought to affect people who buy their books from Amazon, but could arise if they use an illegal download or untrustworthy ebook site.
The problem begins when a hacker embeds a malicious script into the ebook file, or simply hyperlinks to the script in its download link.
If you find a book you've been desperately looking for on an ebook download website (for example, an illegal download site), download it and then email it to your Kindle using the Send to Kindle feature, it will show up in your Kindle library on Amazon's website as a script file (typically with a subject that includes
The script could allow everything a user does on their Kindle to be tracked, so if people head back to the Amazon Kindle store and log in again, the hacker would have their login details.
This flaw does not affect books from Amazon itself, so Mussler's advice is to only download ebooks from Amazon or other trustworthy sites.
Mussler first discovered the flaw in 2013, and Amazon fixed it in three weeks. He then rediscovered it in July and Amazon failed to patch it, which is why he wrote about it on his blog.
Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.
Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.
As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.