Security Hole Found in Kindle Touch Web Browser

For the longest time now I've been bugged by the fact that Amazon continues to label the 4-year-old web browser on the Kindle experimental, but after today's news I can see that it is still an experiment.

A German security firm has just posted a proof of concept hack which exploits a security hole in the web browser on the Kindle Touch.

The security hole was identified about 3 months ago over on MobileRead. It seems that the latest update to the Kindle Touch added a new plugin for the web browser.

It's an NPAPI plugin, and you actually have a variation of it running in your web browser right now. Ever open a PDF in the browser? That's one kind of NPAPI plugin, but in the case of the Kindle Touch the plugin is set to look for commands embedded in webpages and then execute them on the Kindle Touch.

Okay, that doesn't sound like much, but it turns out that the plugin can execute the commands with admin or root privileges on the Kindle Touch. For example, if a hacker embedded the right commands in a webpage, they could erase your Kindle. There's also a chance that the hacker might be able to get at the credentials for your Amazon account.

This is something of a concern, but I wouldn't get too worried. So far it doesn't seem that very many people have noticed the hole. There's a browser-based jailbreak that exploits it, but that's about it. And there are reports that Amazon is working on a patch which will close the hole.

At worst you'll end up reporting fraud on your account. It's a pain, but not the end of the world. Still, I'd give up on any potentially unsafe web browsing for the time being, just to be safe.

So apparently Amazon's definition of experimental involves using all of us as guinea pigs. Hey, Amazon, take this experimenter back to the lab, would ya?


Nate Hoffelder


1 Comment

  1. […] this problem. This security hole appeared with firmware 5.1.0, only on the Kindle Touch. [source] [more info] Similar articles: update kindle touch and rumors about a new nook simple […]
