**New Kindle Book Malware: A Threat to Your Amazon Account**

One of the primary benefits of e-readers is their security, which was long thought to be impenetrable. However, a new type of malware has been discovered that can take over your entire Amazon account through an e-book sideloaded onto your Kindle device.

The threat was uncovered by Valentino Ricotta, an engineering analyst for Thales, the defense and security group. Ricotta created a "malicious" ebook that exploited vulnerabilities in the Kindle, allowing him to access the linked Amazon account after downloading the ebook onto the device.

"Once an attacker gets a foothold inside a Kindle, it could access personal data, your credit card information, pivot to your local network, or even to other devices that are registered with your Amazon account," Ricotta warned. This means that hackers can gain control of not only your Kindle but also your entire digital life.

Ricotta's findings revealed that many users who sideload books onto their Kindles visit third-party websites, mass-download numerous books, and then transfer them to their devices via USB. Even if the Kindle is not connected to the internet, this process can still leave users vulnerable to these kinds of threats.

"It's about being aware of these kinds of threats and not trusting third-party websites," Ricotta emphasized. He promptly informed Amazon of the flaws, which were deemed "critical" and fixed by the company.

Ricotta was awarded a $20,000 "bug bounty" from a software company for exposing vulnerabilities, but Thales donated this amount to charity instead of keeping it as payment. This act highlights the commitment of some security experts to ethical hacking and responsible disclosure.

While Ricotta's methods were publicly disclosed, other potential attack vectors have not been made known, which could allow hackers to carry out full account takeovers without detection. Another vulnerability that has not yet been patched is a flaw in the onscreen keyboard, which can track the loading of malicious code and steal Amazon session cookies, the tokens that grant access to user accounts.

**Update from Amazon**

An Amazon spokesperson confirmed that they had identified and fixed vulnerabilities affecting Kindle e-readers and Audible functionality on these devices. Automatic updates have been sent to affected devices to address the issues.

Furthermore, the spokesperson emphasized that there is no evidence of this issue being used to access customer accounts or devices outside of Ricotta's test before it was fixed earlier this year. Additionally, the vulnerability could only be discovered with physical access to a customer's device.

**A Message from Michael Kozlowski**

Michael Kozlowski, an expert in audiobooks, e-books, and e-readers, has written extensively on these topics over the past eighteen years. Based in Vancouver, British Columbia, Canada, Kozlowski's insights provide valuable context for understanding the implications of this new malware threat.

Kozlowski emphasizes the importance of vigilance when it comes to digital security and warns users against trusting third-party websites for sideloading e-books onto their Kindles. As the world becomes increasingly reliant on technology, it is essential that we remain aware of potential threats like these and take necessary precautions to protect ourselves.