Kindle Touch Update Kills Hack, Closes Security Loophole
It took less than 9 days after I learned of and reported on a security hole in the Kindle Touch’s web browser before Amazon released a patch that closes it. Darn. That security hole was a concern, but it also enabled you to easily hack your Kindle Touch.
When Amazon released its second update to the Kindle Touch in April of this year, they announced a number of useful features like the new KF8 support, more language options in the menus, and instant translate. But they also accidentally added a little surprise left buried in the code, one which delighted some hackers when they noticed it.
The surprise was a security hole in the web browser which would let a malicious website run commands on any Kindle Touch which visited it. Potentially this hole might have enabled a hacker to steal credentials and access your Amazon account – though I have not heard of that happening. So far as I know the only time this hole was exploited was by a site that helped you hack your Kindle so you can add more features. That was not at all malicious.
While I might moan about the update closing the hole, it’s actually a good thing. If you’re not planning to hack your Kindle Touch then you should definitely get this patch. It does add protection from a potential risk, so I’d get it (if not for the fact I want to keep my hacked Kindle).
I’ve checked, and this update truly is a patch. The update file itself is a measly 1.5MB, and that means there’s probably nothing else in the update besides the patch. Luckily this is an optional update, and it only works if your Kindle Touch is running OS 5.1.0 or OS 5.1.1. I suppose that’s part of the reason why it hasn’t been pushed out to everyone.
You can find the update here. Follow Amazon’s instructions on how to download and install it.