A new Amazon Kindle flaw may have enabled attackers to take control of your eBook reader - ICSS


Amazon patched a significant vulnerability in its Kindle e-book reader platform earlier this April. The flaw could have been abused to take full control of a user's device and steal personal information, simply by deploying a rogue e-book.

"An attacker may have grabbed all data stored on the device, from Amazon's credentials to payment information, by mailing an infected e-book to Kindle customers," Yaniv Balmas, Head of Cyber Research at Check Point, said in an emailed statement. "Security flaws allow a hacker to target a very specific public."


To put it another way, if a threat actor wanted to target a certain group of individuals or demographic, the adversary could select a popular e-book in a language or dialect widely spoken within that population to tailor and organise a highly focused cyber attack.

After the issue was responsibly disclosed to Amazon in February 2021, the retail and entertainment behemoth released a fix in April 2021 as part of version 5.13.5 of the Kindle software.

Attacks that take advantage of the flaw begin by sending a malicious e-book to the intended victim. Opening the book initiates the infection sequence without any further interaction, allowing the attacker to delete the user's library, gain full access to the Amazon account, or turn the Kindle into a bot to infiltrate the target's local network and attack other devices.

The flaw is in the firmware's e-book parsing architecture, notably in the implementation of how PDF documents are opened, which allows an attacker to execute a malicious payload on the device.

This is made possible by two flaws: a heap overflow vulnerability in the PDF rendering function (CVE-2021-30354), which can be exploited to gain an arbitrary write primitive, and a local privilege escalation weakness in the Kindle application management service (CVE-2021-30355). Threat actors can combine the two to run malware-laden code as root.

Earlier this month, Amazon patched a similar flaw known as "KindleDrip," which may have allowed an attacker to seize control of victims' devices by delivering a malicious e-book to the targets, and to make unauthorised purchases.

"Kindle, like other IoT devices, is frequently thought of as benign and overlooked as a security issue," added Balmas. "These IoT devices are subject to the same types of threats as computers are. Everyone should know about the cyber dangers of any computer-related use, especially something that is so commonly used as Amazon's Kindle."
