Kindle Touch Update Kills Hack, Closes Security Loophole
It took less than 9 days after I learned of and reported on a security hole in the Kindle Touch’s web browser before Amazon released a patch that closes it. Darn. That security hole was a concern, but it also enabled you to easily hack your Kindle Touch.
When Amazon released its second update to the Kindle Touch in April of this year, they announced a number of useful features like the new KF8 support, more language options in the menus, and instant translate. But they also accidentally added a little surprise left buried in the code, one which delighted some hackers when they noticed it.
The surprise was a security hole in the web browser which would let a malicious website run commands on any Kindle Touch which visited it. Potentially this hole might have enabled a hacker to steal credentials and access your Amazon account – though I have not heard of that happening. So far as I know the only time this hole was exploited was by a site that helped you hack your Kindle so you can add more features. That was not at all malicious.
While I might moan about the update closing the hole, it’s actually a good thing. If you’re not planning to hack your Kindle Touch then you should definitely get this patch. It does add protection from a potential risk, so I’d get it (if not for the fact I want to keep my hacked Kindle).
I’ve checked, and this update truly is a patch. The update file itself is a measly 1.5MB, and that means there’s probably nothing else in the update besides the patch. Luckily this is an optional update, and it only works if your Kindle Touch is running OS 5.1.0 or OS 5.1.1. I suppose that’s part of the reason why it hasn’t been pushed out to everyone.
You can find the update here. Follow Amazon’s instructions on how to download and install it.
Rashkae July 25, 2012 um 9:23 am
Jailbreaking the Kindle touch manually is no more difficult than installing the 'packages' you want, which is something you have to do even if using the browser based exploit. Leaving a browser wide open to attack like that, however, would have been grossly negligent of Amazon. Not because how it affects people jailbreaking their kindles, but it would have been trivial for anyone to create a malicious site that somehow entices kindle users (free book downloads right to your kindle, as an example.)
amazon a remediat problema de securitate din firmware 5.1.0 | bookreader.ro July 26, 2012 um 1:59 am
[…] a?a c? nu to?i utilizatorii sunt afecta?i.Patch-ul 5.1.2 se poate desc?rca de pe Amazon.[sursa]Articole asem?n?toareprobleme de securitate in firmware 5.1.0 kindle touchupdate kindle touch si […]