Kindle security flaw can be exploited by hidden codes in e-books

Sponsored Links

Kindle security flaw can be exploited by hidden codes in e-books

Next time you come across a Kindle e-book link somewhere other than Amazon itself, you may want to make sure it's not some dubious website before you hit download or "Send to Kindle." A security researcher by the name of Benjamin Daniel Musser has discovered that the "Manage Your Kindle" page contains a security hole -- one that hackers can take advantage of with the help of e-books hiding malicious lines of code. Once you load the Kindle Library with a corrupted e-book (typically with a subject that includes <script src="https://www.example.org/script.js"></script>), a hacker gets access to your cookies, and, hence, your Amazon account credentials.

Based on the updates Musser wrote at the bottom of the report's web page, he first discovered the flaw in October last year. Amazon patched it up shortly after he reported it, but it made its way back after a "Manage Your Kindle" overhaul. Still, he believes the issue should be easy to avoid, so long as you don't download e-books (pirated or otherwise) from websites you don't know. Aside from Kindle, another Amazon-owned service was also thrust into the spotlight earlier for exhibiting a security flaw. Audible, the company's audiobooks service, apparently allowed users to use fake emails and credit card numbers in order to download as many files as they want. An Audible spokesperson stressed, however, that transactions made using fake credit cards were "closed quickly" and that the service takes credit card fraud seriously.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Popular on Engadget