Check Point, an Israeli cybersecurity provider, found that by clicking an e-book infected by malware, users could lose control of both their Kindle tablet and their Amazon accounts.
A severe security flaw was detected in Amazon’s Kindle e-book tablet by Israeli cybersecurity provider Check Point, the company revealed on Friday.
According to the company’s Israeli cyber investigators, the flaw allowed them to hack the tablets, gain full control and steal the e-reader users’ Amazon accounts.
Check Point’s findings were revealed at DEF CON, the world’s largest hacker and cybersecurity convention, held annually in Las Vegas. The convention is regularly attended by FBI agents in addition to companies in the cyber field.
The company managed to hack into the Kindles by exploiting a flaw that is triggered while the tablet processes an e-book the reader has clicked on.
In the few seconds it takes for the tablet to process an e-book before displaying it on the screen, the cyber investigators managed to run code planted in the e-book that was capable of handing complete remote control of the tablet to hackers.
By clicking an e-book infected by malware, users could lose control of both their tablet and their Amazon accounts without ever being aware of the cyberattack occurring.
“Kindle, like other IoT [Internet of Things] products, are wrongfully thought of as products which don’t require a high security level,” explained Itay Cohen, a Check Point senior cyber investigator, at the convention. “Any device with an internet connection is a potential target for cyberattacks,” Cohen noted.
“We are delighted that Amazon realized the severity of the breach and worked with us [Check Point] to fix the issue,” Cohen added.
The flaws were fixed by Amazon’s security department, with assistance from Check Point. Amazon’s newest update, which contains the fix, was released and automatically installed on Kindles all over the world.
Another Israeli cyber company was in the spotlight last month, as a report published by 17 media organizations suggested NSO’s hacking spyware, Pegasus, was under “widespread and continuing abuse” by authoritarian governments.