
Better Business Bureau Thinks an Ebook Could Steal Your CC Info

The Better Business Bureau has identified the next wave of hysteria to sweep the country, and they want to make sure that you’re ready to be panicked.

Guess what? You need to be careful where you get your ebooks. If you aren’t careful then you just might pick up some malware that might steal the credit card numbers from your Kindle or Nook.

Thank you, BBB, I needed the laugh.

This idea is so ridiculous that I am amazed that anyone would say it with a straight face, much less report it on a local news show.

Chris Thetford of the St. Louis BBB says it all starts with what you download.  "Consumers need to be very careful with what they bring into their e-book reader to make sure that what they’re getting is actually the book rather than some sort of malware or some sort of virus which can get in and get their financial information like their credit card number stored on the e-book reader," said Thetford.

I believe in sharing the fun, so let me explain why I am giggling madly.

First, your credit card info isn’t stored on your ereader. It’s stored on secure servers run by Amazon, B&N, or whoever. There are certain legal requirements for storing CC info, and that’s why it’s not on the Kindle but on Amazon’s servers. And even if that info were stored on your Kindle, the legal requirements would require that it be so well protected that it would almost guarantee that hacking the Kindle to get at the info would be difficult to impossible.

Yes, those servers are sometimes hacked, but not from any ereader.

And even if you had sensitive info on the Kindle or Nook, there’s no reason to worry about malware inside an ebook getting at it. No current ereader supports software embedded inside an ebook.

Let’s say some hacker writes an evil program in Javascript and puts it inside a Kindle ebook. When the ebook is opened the Kindle will ignore the code for one simple reason: it does not support Javascript or any other programming language that might be stuck inside an ebook. The same goes for the Nook and virtually every ereader that I have ever put my hands on.

But what about apps, you say? Well, the apps running on the Kindle or the Nook Tablet are so carefully vetted that you have a greater chance of winning the lottery on the 5th Tuesday in February during a meteor shower. Now, apps found elsewhere are potentially dangerous but they will not run on a stock Kindle or Nook (and in any case we are talking about ebooks, not apps).

Now that I have dispelled the current hysteria, let me explain why one day in the distant future you might need to be concerned about your next ereader being attacked by malware.

First, the new Kindle Touch does support some code embedded in certain places (that’s how it was hacked). This is a security hole that Amazon is working on fixing. Note that the code is not inside an ebook, so again ebooks are not a danger.

But there is also Epub3. This new ebook format is coming (eventually), and it does carry some risk. It does support code embedded inside ebooks and that might be a problem if and when you have an ereader that supports it.
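To make the Epub3 point concrete, here is an added example (not part of the original post) that checks an EPUB file for embedded script before it is loaded onto a reading system. The function names `find_scripted_content` and `build_sample` are hypothetical, and the sample book is constructed in memory.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

OPF = "{http://www.idpf.org/2007/opf}"
OCF = "{urn:oasis:names:tc:opendocument:xmlns:container}"
SCRIPT_TAG = re.compile(rb"<script[\s>]", re.IGNORECASE)

def find_scripted_content(epub_bytes):
    """Return sorted (path, reason) pairs for content that carries script."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(epub_bytes)) as z:
        # META-INF/container.xml names the package (OPF) document.
        container = ET.fromstring(z.read("META-INF/container.xml"))
        opf_path = container.find(f".//{OCF}rootfile").get("full-path")
        opf_dir = opf_path.rpartition("/")[0]
        names = set(z.namelist())
        for item in ET.fromstring(z.read(opf_path)).iter(f"{OPF}item"):
            href = item.get("href", "")
            path = f"{opf_dir}/{href}" if opf_dir else href
            # EPUB 3 requires scripted documents to be flagged in the manifest.
            if "scripted" in item.get("properties", "").split():
                findings.add((path, "manifest: scripted"))
            # Do not trust the manifest alone: look inside the XHTML too.
            if item.get("media-type") == "application/xhtml+xml" and path in names:
                if SCRIPT_TAG.search(z.read(path)):
                    findings.add((path, "script element"))
    return sorted(findings)

def build_sample(scripted):
    """Build a tiny in-memory EPUB (constructed sample, not a real book)."""
    props = ' properties="scripted"' if scripted else ""
    script = "<script>document.title='x'</script>" if scripted else ""
    files = {
        "META-INF/container.xml":
            f'<container xmlns="{OCF[1:-1]}" version="1.0"><rootfiles>'
            '<rootfile full-path="OEBPS/book.opf"/></rootfiles></container>',
        "OEBPS/book.opf":
            f'<package xmlns="{OPF[1:-1]}" version="3.0"><manifest><item id="c1" '
            f'href="ch1.xhtml" media-type="application/xhtml+xml"{props}/>'
            '</manifest></package>',
        "OEBPS/ch1.xhtml": f"<html><head>{script}</head><body>Hi</body></html>",
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in files.items():
            z.writestr(name, data)
    return buf.getvalue()
```

ElementTree is used here for brevity; for files from untrusted sources a hardened parser such as defusedxml is the safer choice.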

But what about iBooks on the iPad? First, it’s not an ereader. But yes, that is a concern. iBooks does support all sorts of things that you can’t do with an ereader. I do not know if it could be hacked. But that’s not a new problem; the iPad is a tablet and you should be as careful with it as you are with your computer.

In any case, there’s little reason to be worried today. I’m not.

via KSDK

image by Chaotic Good01


Logan Kennelly January 23, 2012 at 8:43 pm

Before somebody brings up the Nook and its credit card-based DRM, it’s not an issue. Your name and credit card number are combined to form a key, and this key does not reveal your credit card number (or name). Combine this with the fact that you don’t type your credit card into the Nook (you log in and download the key from B&N), and you are safe.

Tyler January 23, 2012 at 9:33 pm

What’s more likely is that someone could steal your e reader and charge a bunch of books on it since it is set up to automatically allow billing without passwords. So while this is not traumatic, it could be annoying.

Nook Lover January 23, 2012 at 11:38 pm


Actually both my Nooks (BNRV300 Simple Touch & BNRV250 Tablet), are password protected when it comes to any purchase placed from them. Once I place my order (and just before final payment) both Nooks will ask me for my B&N Password…, at which point the correct password will then allow the download to begin. So as you can see, I’m not too worried about an unauthorized person charging anything using either of my Nooks!

Nook Lover

Tyler January 25, 2012 at 1:02 am

I checked and it has to be set for password buying. Thanks for the info!

Doug January 24, 2012 at 12:13 pm

I think the point of concern is with PDFs. They’ve been used as vectors for malware for some time now. Somehow I doubt that there’s much that a bad PDF can do other than screwing up your reader. I’ve seen *that* happen a lot on NOOKs, but I don’t think it was malicious. Removing the offending PDF cleared up the problem.

There’s more than just e-books when we look at malware vectors, though. Many e-readers have web browsers, usually JavaScript-enabled, and I’d expect that ordinary phishing scams work pretty well there. Add in the app-enabled tablets and tablettes, and there’s a lot of room for naughty behavior.

Nate the Great January 24, 2012 at 12:18 pm

A PDF can be malicious, but Adobe RM doesn’t support running that code, so I don’t think it’s an issue.
