**Security Researcher Exposes Critical Kindle Vulnerabilities, Enables Hijacking of Amazon Accounts**
At the recent Black Hat Europe hacker conference in London, a chilling revelation was made by engineering analyst Valentino Ricotta, who exposed two critical vulnerabilities in Amazon's popular e-reader, Kindle. The session, titled "Don't Judge an Audiobook by Its Cover," revealed how these flaws could be exploited to gain unauthorized access to users' Amazon accounts and sensitive personal data.
Ricotta, a researcher from the cybersecurity division of Thales, discovered these vulnerabilities while investigating the security of his own Kindle device. What struck him as particularly concerning was that the device, which had been sitting on his bedside table for years, was constantly connected to the internet and ran with ease due to its long-lasting battery life. Furthermore, it had unfettered access to his Amazon account, enabling it to automatically purchase books from the online store using his credit card details.
With this in mind, Ricotta set out to identify potential security risks associated with the Kindle. His investigation led him to two critical flaws in the device's software: one related to the scanning and extraction of information from audiobooks, and another linked to the on-screen keyboard. By exploiting these vulnerabilities, he was able to trick the Kindle into loading malicious code, which allowed him to steal users' Amazon session cookies – tokens that grant access to their accounts.
The implications of this vulnerability are alarming: if exploited by an attacker, it could enable unauthorized access to sensitive personal data, including credit card information. In addition, it could also be used as a stepping stone for further attacks on the user's local network or other devices registered with their Amazon account.
Ricotta emphasized that users may be exposing themselves to this type of attack if they opt to "side-load" books onto their Kindle from non-Amazon stores. This practice can potentially bypass security measures in place by Amazon, leaving users vulnerable to exploitation.
Fortunately for Amazon and its customers, Ricotta has been recognized for his efforts as a responsible security researcher. He was awarded a bug bounty of $20,000 (£15,000) for his findings and promptly donated it to charity. In response to the vulnerabilities, Amazon has taken swift action to rectify the issues, ensuring that users' accounts remain secure.