Click to Skip Ad
Closing in...

Kindle security exploit allows hackers to access your Amazon credentials

Published Sep 16th, 2014 7:00PM EDT
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

As if there haven’t been enough security scares in 2014 already, it looks like another household electronic device could be putting our private information at risk. According to security consultant Benjamin Daniel Mussler at B.FL7.DE, Amazon’s Kindle Library is currently vulnerable to XSS attacks, in which malicious code is inserted into the metadata for an eBook.

If you are unlucky enough to add one of these exploited eBooks to your Kindle library, the code within the file’s metadata will be executed the moment you open the Kindle Library, allowing the hacker to see your Amazon cookies. With these, the hacker could potentially access your Amazon account. The title of the malicious eBook should look something like this:

<script src=”https://www.example.org/script.js”></script&gt;

This isn’t necessarily limited to old Kindles or brand new Kindle Fires either — anyone who uses the Kindle Library to store eBooks or have them sent to a Kindle is at risk. Thankfully, the exploit will likely only affect users who are downloading pirated eBooks from untrustworthy sources, so don’t worry about adding an eBook to your Amazon shopping cart any time soon.

Amazon apparently fixed this exploit when Mussler originally reported it last year, but in the latest update to the Kindle Library, the issue has returned. Mussler reported it to Amazon once again earlier this summer, but has yet to receive a response.

Jacob Siegal
Jacob Siegal Associate Editor

Jacob Siegal is Associate Editor at BGR, having joined the news team in 2013. He has over a decade of professional writing and editing experience, and helps to lead our technology and entertainment product launch and movie release coverage.