Although they are widely used across the world, a new Kindle eBook hack can access users’ Amazon accounts.
Several years ago, debate flared between those who were adamant that eBooks couldn’t and shouldn’t replace physical books and those who said they signalled the second coming of reading. ‘We like the smell’ those against eBooks said, ‘eBooks can never replace the feel of turning a physical page’ and ‘eReaders are expensive’. Many more of the arguments like this were valid but Amazon trundled on anyway, doing so well with their Kindle line of eBooks readers that they’ve since launched a TV box set/games console and a smartphone off of the back of it. But, all of this success may come under fire due to the resurgence of a Kindle eBook hack that can worm its way into your Amazon account.
This hack, which was discovered again by researchers, lets malicious hackers embed programs into an eBook’s file. When examined by Amazon’s Kindle tools, the modified eBook can trigger the reading of a script and cause Amazon cookies to be transferred and accessed by the perpetrator of the attack which they can then use to get into your Amazon account. It may all sound a bit technical but for the most part it’s not. With some coding knowledge and the know how to insert the relevant code into an eBook’s metadata (such as the eBook’s description), the hackers can make good use of this hack and get into your Amazon account – which is where precious information like bank and payment details (along with your name and home addresses) are all stored.
For the most part, legitimate eBooks are safe and such a hack will predominantly put eBook piraters at risk, especially as it’s the .mobi file types (which are used for both pirated and legitimate eBooks) that are susceptible as opposed to Amazon’s own .azw file type. That doesn’t mean that it’s not a huge problem though and it’s actually one that has cropped up before. Back in October the flaw reared its ugly head before being patched but clearly, Amazon failed to do a good enough job. That’s why it’s important to be cautious after Amazon say they’ve patched it again, as it’s not hard to imagine that the loop could crop up again if not to infiltrate Amazon accounts then to trick other apps and service instead.
Be social! Follow Walyou on Facebook and Twitter, and read more related stories, Amazon slashes the price of the Fire Phone: now $0.99 USD, Amazon Gets Serious About Gaming, Buys Twitch for $1B