Security flaw found in Amazon's Kindle Touch

Security researchers from heise Security have created a proof-of-concept code for a remotely exploitable vulnerability affecting Amazon's Kindle Touch 5.1.0 firmware.

amazon-logo

Security researchers from heise Security have created a proof-of-concept code for a remotely exploitable security vulnerability affecting Amazon's Kindle Touch 5.1.0 firmware.

The demo allows arbitrary shell commands to be injected into a Kindle Touch, allowing the security researchers to create a script where the Kindle sent back a copy of /etc/shadow to a heise Security web server.

Apparently, the security issue has been known for over three months now. Amazon Inc. responded to heise Security that they're working on a patch. Unfortunately, the patch cannot by pushed to Kindle Touch users and they would have to personally issue the update on their devices.

Find out more about Dancho Danchev at his LinkedIn profile.

 

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All