- A malicious PDF e-book could result in the full takeover of Amazon Kindle devices.
- Researchers found a way to chain a heap overflow with an RCE to run malicious code as root.
- Updating the Kindle’s firmware to the latest available version addresses both flaws.
Amazon Kindle is the most popular e-book reader on the market, so it is no surprise that some hackers like to experiment with exploits targeting it every now and then. Kindle users typically download e-books and nothing else, so anyone hoping to get malware onto a device of this kind would have to plant it inside an e-book file. According to a report published today by Checkpoint, this is entirely possible and can in fact result in a full takeover of the device.
Kindles run a Linux-based OS developed by Amazon specifically for the device, with Java used for the UI and a JRE for the high-level services. Checkpoint treated e-book files as the likely attack surface and fuzzed the OS's e-book parsing framework in search of an exploitable flaw. PDF files turned out to hold the most promise because of the way their embedded media content is reconstructed, which could allow a heap overflow in one of the decoding algorithms used.
The two flaws the Checkpoint team discovered are CVE-2021-30354 and CVE-2021-30355. The first is a heap overflow that can be exploited thanks to the fact that there is no randomization of the data segment or the heap on Kindle devices. The second is an RCE vulnerability in the context of the 'pdfreader' process, which means running code on the target is simply a matter of getting a malicious PDF file opened. Because 'pdfreader' runs with the rights of the framework user, any payload delivered through it has only limited access to the device.
Digging deeper, the researchers found that the framework can ask the application manager service to start any built-in app. Since that service runs as root, the access limits are lifted and the payload can do far more significant damage. The risk is greater still on jailbroken devices, and jailbreaking is an alarmingly popular activity among Kindle owners these days.
Amazon released a firmware update addressing the two flaws described above in April 2021, so all users are now urged to upgrade to version 5.13.5 or later. The fix came roughly three months after Checkpoint reported the issues to the tech giant. If you are unsure how to update your Kindle device, follow Amazon's step-by-step guide.