AMAZON'S KINDLE has been found to be vulnerable to a type of malware that is triggered by downloading a booby-trapped ebook.

Security researcher Benjamin Daniel Mussler has demonstrated a proof of concept attack that uses cross-site scripting (XSS) to infect a computer opening a sideloaded title containing code.

Once upon a time, in the dim and distant days of 2003 and the far off land of Germany, Mussler reported the issue to Amazon, even sending it a proof of concept ebook to play with that stole all the cookies in a victim's web browser, which in the great scheme of things is not such a big attack but could be put to far more evil uses.

At the time, Amazon fixed the problem in less than a week, which ought to have been the end. But there is a second chapter to this story. Two months ago, Mussler revealed that he had discovered that the bug had been reintroduced, and so far, Amazon hasn't commented.

Mussler has now decided that the best thing to do is publish the code in question for anyone to replicate.

We're trying to get a response from Amazon on the matter, but in the meantime, chances are that if this malicious code is anywhere, it's likely to be in a pirated or otherwise hooky ebook.

With Kindle and Kobo effectively winning the ebook format war following Sony's departure from the market last month, the moral of the story is to keep clear of sending things you shouldn't send to your Kindle and you'll live happily ever after.