Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.
Advertisement
Advertisement
An Amazon spokesperson confirmed that the bugs found by Bar-On have been fixed, and said the bugs could not have allowed hackers to take over a victim's Amazon account."The security of our devices and services is a top priority. We have already released an automatic software update over the Internet fixing this issue for all Amazon Kindle models released after 2014," the spokesperson said in an email. "Other impacted Kindle models will also receive this fix. We also have measures in place to help prevent customers from receiving content they haven’t requested. We appreciate the work of independent researchers who help bring potential issues to our attention."Bar-On said that "there is no reason to suspect that this attack was actually exploited, and the devices should already be updated to the fixed firmware version. If the device is not updated, users should update immediately." This is a good reminder that even devices that we may think are not risky in terms of getting hacked can actually leak personal information. And hackers could get some useful data by targeting them.Amazon fixed these bugs on December 10 of last year, after Bar-On reported them on October 17. This story was updated to clarify that hackers could only spend money on the Kindle Store.Do you know of any similar security vulnerability or data breach? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, OTR chat at lorenzofb@jabber.ccc.de, or email lorenzofb@vice.com