Kindle Touch Update Kills Hack, Closes Security Loophole

It took less than 9 days after I learned of and reported on a security hole in the Kindle Touch's web browser before Amazon released a patch that closes it.  Darn. That security hole was a concern, but it also enabled you to easily hack your Kindle Touch.

When Amazon released its second update to the Kindle Touch in April of this year, they announced a number of useful features like the new KF8 support, more language options in the menus, and instant translate. But they also accidentally added a little surprise left buried in the code, one which delighted some hackers when they noticed it.

The surprise was a security hole in the web browser which would let a malicious website run commands on any Kindle Touch which visited it. Potentially this hole might have enabled a hacker to steal credentials and access your Amazon account - though I have not heard of that happening. So far as I know the only time this hole was exploited was by a site that helped you hack your Kindle so you can add more features. That was not at all malicious.

While I might moan about the update closing the hole, it's actually a good thing. If you're not planning to hack your Kindle Touch then you should definitely get this patch. It does add protection from a potential risk, so I'd get it (if not for the fact I want to keep my hacked Kindle).

I've checked, and this update truly is a patch. The update file itself is a measly 1.5MB, and that means there's probably nothing else in the update besides the patch. Luckily this is an optional update, and it only works if your Kindle Touch is running OS 5.1.0 or OS 5.1.1. I suppose that's part of the reason why it hasn't been pushed out to everyone.

You can find the update here. Follow Amazon's instructions on how to download and install it.

 

Nate Hoffelder

View posts by Nate Hoffelder
Nate Hoffelder is the founder and editor of The Digital Reader: He's here to chew bubble gum and fix broken websites, and he is all out of bubble gum. He has been blogging about indie authors since 2010 while learning new tech skills at the drop of a hat. He fixes author sites, and shares what he learns on The Digital Reader's blog. In his spare time, he fosters dogs for A Forever Home, a local rescue group.

2 Comments

  1. Rashkae25 July, 2012

    Jailbreaking the Kindle touch manually is no more difficult than installing the ‘packages’ you want, which is something you have to do even if using the browser based exploit. Leaving a browser wide open to attack like that, however, would have been grossly negligent of Amazon. Not because how it affects people jailbreaking their kindles, but it would have been trivial for anyone to create a malicious site that somehow entices kindle users (free book downloads right to your kindle, as an example.)

    Reply
  2. […] a?a c? nu to?i utilizatorii sunt afecta?i.Patch-ul 5.1.2 se poate desc?rca de pe Amazon.[sursa]Articole asem?n?toareprobleme de securitate in firmware 5.1.0 kindle touchupdate kindle touch si […]

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to top
%d bloggers like this: