Researcher Yogev Bar-On, a member of the Israeli cybersecurity consulting team Realmode Labs, was awarded US$ 18 thousand (about R$ 96 thousand) by Amazon after finding a very serious vulnerability in Kindle devices. If exploited, the flaw, which was named KindleDrip, would allow an attacker to take complete control of the targeted ebook reader.
The bug takes advantage of the “Send to Kindle” feature, which lets users send books in MOBI format to their device by emailing a randomly generated address unique to their Kindle account (in the @kindle.com domain). Bar-On found that he could craft an ebook containing a link to a malicious file that would allow arbitrary code execution on the device, and send it to that email address.
There is an important detail here: the Send to Kindle system only accepts ebooks sent to the @kindle.com address from authorized email addresses, but the researcher successfully used a spoofing technique to forge these authorized senders and impersonate the user, sending books to the device at will. Once the victim clicked the malicious link, the web browser would open and download a JPEG XR file containing the script itself.
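The weakness of an approved-sender list that trusts the From header alone can be shown with a short check (an added example, not code from the article, the researcher or Amazon). It assumes the receiving mail server records its SPF/DKIM/DMARC verdict in an Authentication-Results header (RFC 8601); the addresses, the `mx.receiver.example` server ID and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

APPROVED = {"reader@example.com"}    # constructed approved-sender list
AUTHSERV_ID = "mx.receiver.example"  # hypothetical ID of our own border MTA

def naive_accept(raw: str) -> bool:
    """Allowlist check on the From header alone: anyone can type this value."""
    msg = message_from_string(raw)
    return parseaddr(msg.get("From", ""))[1].lower() in APPROVED

def hardened_accept(raw: str) -> bool:
    """Allowlist check plus a DMARC pass, aligned with From, recorded by our MTA."""
    msg = message_from_string(raw)
    froms = msg.get_all("From", [])
    if len(froms) != 1:                      # ambiguous author: reject
        return False
    addr = parseaddr(froms[0])[1].lower()
    if addr not in APPROVED:
        return False
    domain = addr.rpartition("@")[2]
    # Only the topmost header is ours; anything below it arrived with the mail.
    for header in msg.get_all("Authentication-Results", [])[:1]:
        parts = [p.split() for p in header.lower().split(";")]
        if not parts[0] or parts[0][0] != AUTHSERV_ID:
            return False
        for tokens in parts[1:]:
            if tokens[:1] == ["dmarc=pass"] and f"header.from={domain}" in tokens:
                return True
    return False

def _mail(*auth_results: str) -> str:
    """Build a constructed sample message with the given Authentication-Results."""
    lines = [f"Authentication-Results: {r}" for r in auth_results]
    lines += ["From: Reader <reader@example.com>", "To: device@example.net",
              "Subject: book", "", "(attachment omitted)"]
    return "\n".join(lines)

LEGIT = _mail(f"{AUTHSERV_ID}; spf=pass smtp.mailfrom=example.com; "
              "dmarc=pass header.from=example.com")
# Spoofed: real verdict on top, a forged "pass" header smuggled in below it.
SPOOFED = _mail(f"{AUTHSERV_ID}; spf=fail smtp.mailfrom=evil.example; "
                "dmarc=fail header.from=example.com",
                f"{AUTHSERV_ID}; dmarc=pass header.from=example.com")

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED)):
        print(name, "naive:", naive_accept(raw), "hardened:", hardened_accept(raw))
```

Both messages carry the same approved From address; only the recorded authentication verdict tells them apart.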
“The attacker can access the device’s credentials and make purchases at the Kindle store using the victim’s credit card. Attackers can sell an ebook in the store and transfer money to your account. At least the confirmation email would make the victim aware of the purchase,” explained Bar-On in a post on his blog that walks through the exploitation of the flaw step by step.
Besides rewarding the researcher with a generous prize, Amazon fixed the bugs in new firmware; so if you own a Kindle device, make sure you have build 5.13.4 or higher installed on your e-reader.
See the original post at: https://thehack.com.br/amazon-paga-us-18-mil-para-pesquisador-que-encontrou-brecha-grave-no-kindle/?rand=48873