Hackers want to steal your Amazon account… using Kindle eBooks?


Do you think about security when you download an eBook? Probably not. But what if that eBook could allow a hacker to gain remote access to your Amazon account and max out all of its credit cards? A Kindle vulnerability from earlier this week, which has since been patched, shows exactly how pirated eBooks could have been used to hack Amazon accounts.

Discovered by independent researcher Benjamin Daniel Mussler, the vulnerability enabled cross-site scripting on the Kindle Library management web page accessed through Amazon accounts. Mussler found that the book title metadata on third-party eBooks with the .mobi extension could be modified so that the Kindle Library manager ran a malicious script instead of displaying the book title. Such a script could be designed to grab everything a hacker would need to gain access to your Amazon account and make purchases in your name.
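The pattern described above, as an added example that is not taken from Mussler's report or from Amazon's code: a library page that places a book title into HTML unescaped, beside a version that encodes the title on output. The function names, the table markup and the sample titles are all constructed for illustration.

```javascript
// Added example: hypothetical names and markup, not Amazon's implementation.

// Characters that let text break out of element content or a quoted attribute.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Single-pass output encoding: each special character is replaced exactly once.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: title metadata is concatenated into the page as-is,
// so any tags inside the title become live markup.
function renderRowUnsafe(book) {
  return `<tr><td class="title">${book.title}</td></tr>`;
}

// Hardened pattern: the title is treated as text and encoded wherever it is
// written, both in the tooltip attribute and in the cell body.
function renderRowSafe(book) {
  const t = escapeHtml(book.title);
  return `<tr><td class="title" title="${t}">${t}</td></tr>`;
}

// Constructed sample metadata (not from any real eBook file).
const SAMPLE_BOOKS = [
  { title: "Moby-Dick; or, The Whale" },
  { title: "<script>alert('xss')</script>" },
  { title: 'Q&A "Collected" <Edition>' },
];

// True if the cell body contains a literal tag, i.e. the title injected markup
// beyond the row's own <tr>/<td> wrapper.
function containsInjectedMarkup(html) {
  const inner = html
    .replace(/^<tr><td class="title"[^>]*>/, "")
    .replace(/<\/td><\/tr>$/, "");
  return /<[a-zA-Z\/!]/.test(inner);
}

for (const book of SAMPLE_BOOKS) {
  console.log(
    JSON.stringify(book.title),
    "unsafe injects markup:", containsInjectedMarkup(renderRowUnsafe(book)),
    "| safe injects markup:", containsInjectedMarkup(renderRowSafe(book))
  );
}
```

Encoding on output means a title is displayed exactly as its metadata says, whatever characters it contains, without the page having to decide which titles look suspicious.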

Mussler published his findings on Monday, and on Tuesday the vulnerability – which did not affect .azw Amazon eBooks – was patched.

While no longer a direct concern to Kindle users, this latest issue is a good reminder that Internet security is hardly limited to PCs or smartphones. If you are using any device to connect to the Internet, it needs to be secured.

Have a great (paper-free) day!

Mussler’s full report can be found here.