
A Security Flaw In Amazon's Kindle Library Could Allow Anyone To Take Control Of Your Account

Sep 16, 2014, 18:34 IST


A security researcher has uncovered a flaw in Amazon's website that could enable hackers to gain access to Amazon accounts.

The flaw was identified by Benjamin Daniel Mussler in a post on the B.FL7.DE blog.

Mussler says that Amazon's Kindle Library is vulnerable to malicious computer script hidden in Kindle books.

By inserting JavaScript code into the metadata of an eBook, hackers are able to create pop-up windows on Amazon and access the site's locally stored files on your computer.
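The behaviour described above is stored cross-site scripting: book metadata is written into the library page without output encoding. The sketch below is an added illustration, not Amazon's, Calibre's or Mussler's code; it contrasts an unencoded render with an encoded one and adds a simple ingest-time check. The function names, record fields and sample records are all assumptions constructed for the example.

```javascript
// Added illustration only. All names and records here are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: metadata is concatenated into markup as-is, so a
// title containing markup becomes part of the page.
function renderRowUnsafe(book) {
  return '<li title="' + book.title + '">' + book.title + ' by ' + book.author + '</li>';
}

// Hardened pattern: every metadata field is encoded at the point of output,
// in both attribute and element-content positions.
function renderRowSafe(book) {
  const title = escapeHtml(book.title);
  const author = escapeHtml(book.author);
  return `<li title="${title}">${title} by ${author}</li>`;
}

// Ingest-time check: list metadata fields that carry markup-like content so
// the upload can be flagged for review. This complements output encoding and
// does not replace it.
function suspiciousFields(book) {
  return Object.keys(book).filter((k) => /[<>]|&#|javascript:/i.test(String(book[k])));
}

// Render a whole library listing with the chosen row renderer.
function renderLibrary(books, renderRow) {
  return '<ul>' + books.map(renderRow).join('') + '</ul>';
}

// Constructed sample records: one ordinary book, one with script in its title.
const SAMPLE_LIBRARY = [
  { title: 'Moby-Dick', author: 'Herman Melville' },
  { title: '<script>alert("library")</script>', author: 'Unknown' },
];
```

With the encoded renderer the second title is displayed as literal text in the listing instead of being parsed as a script element.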


Malicious script sneaked into eBooks can change the way the Kindle library page displays.

"From the supplier's point of view, vulnerabilities like this present an opportunity to gain access to active Amazon accounts," Mussler writes.

According to Mussler, Amazon was informed of the security flaw in November 2013, but the loophole has yet to be fixed. When the security researcher informed the open source eBook program Calibre about the same problem, it was fixed within hours.

The good news is that Kindle books purchased through the Amazon store are unlikely to contain the hack, according to Mussler. Instead it's more likely to spread using pirated eBooks that are sent to a user's Kindle library - so there's another reason not to download ebooks from dodgy websites.


The news comes a day after Business Insider pointed out a loophole in the site's audio book retailer, Audible, that allowed anyone to download an unlimited amount of audio books for free.

Disclosure: Jeff Bezos is an investor in Business Insider through his personal investment company Bezos Expeditions.