Check Point researchers reported that in April of this year, IT giant Amazon eliminated critical vulnerabilities in the Amazon Kindle. The problems could be used to gain full control over the device, allowed them to steal the Amazon device token and other confidential data stored on it.For a successful attack on a Kindle, just one book with malicious code is enough.
The potential attack began by sending a malicious e-book to the user’s mail. After receiving such an attachment, the victim only had to open it, and this launched the exploit. No additional user permission or action was required.
Even worse, the discovered vulnerabilities allowed attackers to target a specific category of users. For example, to hack a specific group of people or demographic group, a hacker simply had to inject malicious code into a popular e-book in the corresponding language or dialect. As a result, attacks became highly targeted.
The root of the problem lay in the structure of the parsing framework, namely the implementation associated with PDF documents. The attacks were possible thanks to a heap overflow associated with the PDF rendering feature (CVE-2021-30354), which allowed arbitrary write permissions on the device, and a local privilege escalation vulnerability in the Kindle App Manager service (CVE-2021-30355), which allowed combine two vulnerabilities into a chain to run malicious code with root privileges.
The researchers reported their findings to Amazon in February 2021, and already the April update of the Kindle firmware to version 5.13.5 contained a patch (the firmware is automatically installed on devices connected to the network).
Let me remind you that Researcher Found Three Bugs Allowing Hacking Amazon Kindle also this February.