Latest in Amazon

Image credit:

Kindle security flaw can be exploited by hidden codes in e-books

47 Shares
Share
Tweet
Share

Sponsored Links

Next time you come across a Kindle e-book link somewhere other than Amazon itself, you may want to make sure it's not some dubious website before you hit download or "Send to Kindle." A security researcher by the name of Benjamin Daniel Musser has discovered that the "Manage Your Kindle" page contains a security hole -- one that hackers can take advantage of with the help of e-books hiding malicious lines of code. Once you load the Kindle Library with a corrupted e-book (typically with a subject that includes <script src="https://www.example.org/script.js"></script>), a hacker gets access to your cookies, and, hence, your Amazon account credentials.

Based on the updates Musser wrote at the bottom of the report's web page, he first discovered the flaw in October last year. Amazon patched it up shortly after he reported it, but it made its way back after a "Manage Your Kindle" overhaul. Still, he believes the issue should be easy to avoid, so long as you don't download e-books (pirated or otherwise) from websites you don't know. Aside from Kindle, another Amazon-owned service was also thrust into the spotlight earlier for exhibiting a security flaw. Audible, the company's audiobooks service, apparently allowed users to use fake emails and credit card numbers in order to download as many files as they want. An Audible spokesperson stressed, however, that transactions made using fake credit cards were "closed quickly" and that the service takes credit card fraud seriously.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
47 Shares
Share
Tweet
Share

Popular on Engadget

Ford hopes you'll trade some privacy for discounted car insurance

Ford hopes you'll trade some privacy for discounted car insurance

View
Bethesda games leave GeForce Now streaming service

Bethesda games leave GeForce Now streaming service

View
Samsung temporarily shuts down phone factory following coronavirus case

Samsung temporarily shuts down phone factory following coronavirus case

View
Hitting the Books: A brief history of industrial espionage and corn

Hitting the Books: A brief history of industrial espionage and corn

View
'Minecraft Earth' gets a bit more physical thanks to new NFC-enabled minis

'Minecraft Earth' gets a bit more physical thanks to new NFC-enabled minis

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr