A researcher who hijacked an Amazon account by hacking into a Kindle has warned people about the dangers of downloading ebooks.
Valentino Ricotta, an engineering analyst for Thales, the defence and security group, created a “malicious” ebook that enabled him to exploit vulnerabilities in the Kindle.
When the ebook was downloaded on to the device, he was able to get full access to the linked Amazon account.
Ricotta, an ethical hacker based at Thalium, the Rennes, France-based research division of Thales, looks for vulnerabilities in common devices and presented his findings at the Black Hat Europe hacker conference in London, in a session called Don’t Judge an Audiobook by Its Cover.
He said: “What especially struck me with this device, that’s been sitting on my bedside table for years, is that it’s connected to the internet. It’s constantly running because the battery lasts a long time and it has access to my Amazon account. It can even pay for books from the store with my credit card in a single click.
“Once an attacker gets a foothold inside a Kindle, it could access personal data, your credit card information, pivot to your local network or even to other devices that are registered with your Amazon account.”

Ricotta discovered flaws in the Kindle software that scans and extracts information from audiobooks. This software is present on the e-reader even though the device cannot play audio files. He also identified a vulnerability in the onscreen keyboard. By chaining the two, he tricked the Kindle into loading malicious code, which enabled him to take the user’s Amazon session cookies — tokens that give access to the account.

Ricotta said that people could be exposed to this type of hack if they “side-load” books on to the Kindle from non-Amazon stores.

“Many people who side-load books on their Kindle go on third-party websites, mass download many books and they just put it on their Kindle via USB. And so the impact can be there even if the Kindle is not connected to the internet. So it’s about being aware of these kinds of threats, and not trusting third-party websites,” he added.

Ricotta informed Amazon of the flaws, which were both deemed “critical” and fixed. He was awarded a “bug bounty” of $20,000 (£15,000), a reward that software companies give to ethical hackers who expose vulnerabilities. Thales donated this to charity.

Kindles have been hacked before through malicious ebooks, including in 2021 by researchers from Realmode Labs and Check Point.

Alan Woodward, a professor of cybersecurity at the University of Surrey, said: “It’s a sophisticated attack. It just goes to show that systems have many ways of accessing them and all of them need to be secure. It’s like bolting the front door but leaving a side window open.

“These sorts of vulnerabilities often go unnoticed for some time as the devices are considered unimportant. But it’s effectively running software and it’s connected to a back end remotely, and has the potential to act as an attack route. It’s always the devices that sit unnoticed, often ‘Internet of Things’ [smart] devices, that suddenly are found to be a hidden doorway in.”

George Loukas, a professor of cybersecurity at the University of Greenwich, said: “There have been vulnerabilities demonstrated on Kindle ebooks in the past, but this new one that is very specific to how audiobooks work is very well crafted. It is important considering how many listen to audiobooks and how valuable access to their Amazon account can be.”

Amazon said: “We identified and fixed vulnerabilities affecting Kindle e-readers and the Audible functionality on these devices. All affected devices have received automatic updates addressing these issues. We appreciate the security researchers who help us maintain high security standards for our customers.”