Security flaw found in Amazon's Kindle Touch

Summary:Security researchers from heise Security have created a proof-of-concept code for a remotely exploitable vulnerability affecting Amazon's Kindle Touch 5.1.0 firmware.

amazon-logo

Security researchers from heise Security have created a proof-of-concept code for a remotely exploitable security vulnerability affecting Amazon's Kindle Touch 5.1.0 firmware.

The demo allows arbitrary shell commands to be injected into a Kindle Touch, allowing the security researchers to create a script where the Kindle sent back a copy of /etc/shadow to a heise Security web server.

Apparently, the security issue has been known for over three months now. Amazon Inc. responded to heise Security that they're working on a patch. Unfortunately, the patch cannot by pushed to Kindle Touch users and they would have to personally issue the update on their devices.

Find out more about Dancho Danchev at his LinkedIn profile.

 

Topics: Security

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.