Israeli cybersecurity firm Check Point discovers Amazon security flaw

by



[ad_1]

Israeli cybersecurity firm Check Point said it found a serious security flaw in Amazon software that left a door open for bad actors to take control of a victim’s device and steal sensitive information.

Security breaches in Amazon’s Kindle, the company’s e-reader, have allegedly allowed hackers to break into a user’s device by sending them a malicious eBook, Check Point said on Friday.

Check Point said it disclosed the vulnerability to Amazon in February, and the company has since addressed the security hole in a firmware update in April. The firmware is automatically installed on devices connected to the Internet.

Kindle is the world’s most popular e-reader, with tens of millions of estimated sales since the device’s launch in 2007.

Before the firmware update, hackers could have tricked victims into opening a single malicious eBook to take full control of one of the devices.

Once the victim received the e-book and opened it, the hacker could then have proceeded with the attack through a chain of exploitation, that is, a way to combine a series of security vulnerabilities. to take control of a device. The victim would not have to take any further action, or have any other indication, to fall prey to the attack.

Once the hackers took control of the device, they could have gained access to sensitive user information, such as Amazon account credentials or billing information. The Kindle could also have been deployed as a malicious bot to attack other devices on the user’s local network.

The security breach was particularly dangerous because it could have allowed bad actors to target a specific demographic, Check Point said. For example, if the attackers wanted to attack a certain population group, they could have deployed a popular and malicious eBook in the language or dialect of the group.

“If a threatening actor wanted to target Romanian citizens, all he had to do was publish a free and popular e-book in Romanian. From there, the threat actor could be fairly certain that all of his victims would, indeed, be Romanian, ”said Yaniv Balmas, Head of Cyber ​​Research at Check Point. “This degree of specificity in offensive attack capabilities is highly sought after in the world of cybercrime and cyberespionage. “

Kindles and other Internet of Things (IoT) devices are often overlooked as security risks, Balmas said in a statement.

“Our research shows that any electronic device, ultimately, is a form of computer. And as such, these IoT devices are vulnerable to the same attacks as computers. Everyone should be aware of the cyber risks involved in using anything connected to the computer, especially something as ubiquitous as the Amazon Kindle, ”he said.

It was not clear if hackers exploited this particular vulnerability before it was patched.

Check Point, a cybersecurity firewall maker, is one of Israel’s leading cybersecurity companies. It trades on the Nasdaq under the ticker CHKP at a market cap of $ 16.5 billion.

The company said last month that its revenue for the previous quarter was $ 526 million, beating expectations. He also reported an increase in ransomware attacks over the past year.

In June, Check Point said it discovered four vulnerabilities in the Microsoft Office software suite, including Excel and Office.

The climate crisis and responsible journalism

As an environmental reporter for The Times of Israel, I try to convey the facts and science behind climate change and environmental degradation, explain – and criticize – official policies affecting our future, and describe the Israeli technologies that can be part of the solution.

I am passionate about the natural world and disheartened by the dismal lack of awareness of environmental issues of most of the public and politicians in Israel.

I am proud to do my part to keep The Times of Israel readers properly informed on this vital topic – which can and must lead to policy change.

Your support, by joining The Times of Israel community, allows us to continue our important work. Would you like to join our community today?

Thank you,

Sue surke, Environment Journalist

Join the Times of Israel community Join our community Already a member? Log in to no longer see this

Are you serious. We appreciate this!

That’s why we come to work every day – to provide discerning readers like you with must-see coverage of Israel and the Jewish world.

So now we have a request. Unlike other media, we have not set up a paywall. But since the journalism we do is expensive, we invite readers for whom The Times of Israel has become important to help support our work by joining The Times of Israel community.

For as little as $ 6 per month, you can help support our quality journalism while benefiting from The Times of Israel WITHOUT ADVERTISING, as well as access to exclusive content reserved for members of the Times of Israel community.

Join our community Join our community Already a member? Log in to no longer see this



[ad_2]

Source link