+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 
  • Home
  • tech
  • A Security Flaw In Amazon's Kindle Library Could Allow Anyone To Take Control Of Your Account

A Security Flaw In Amazon's Kindle Library Could Allow Anyone To Take Control Of Your Account

James CookSep 16, 2014, 18:34 IST

Advertisement

A security researcher has uncovered a flaw in Amazon's website that could enable hackers to gain access to Amazon accounts.

The flaw was identified by Benjamin Daniel Mussler in a post on the B.FL7.DE blog.

Complimentary Tech Event
Transform talent with learning that works
Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

Mussler says that Amazon's Kindle Library is vulnerable to malicious computer script hidden in Kindle books.

By inserting JavaScript code into the metadata of an eBook, hackers are able to create pop-up windows on Amazon and access the site's locally stored files on your computer.

Advertisement

Malicious script sneaked into eBooks can change the way the Kindle library page displays, like so:

"From the supplier's point of view, vulnerabilities like this present an opportunity to gain access to active Amazon accounts," Mussler writes.

According to Mussler, Amazon was informed of the security flaw in November 2013, but the loophole has yet to be fixed. When the security researcher informed the open source eBook program Calibre about the same problem, it was fixed within hours.

The good news is that Kindle books purchased through the Amazon store are unlikely to contain the hack, according to Mussler. Instead it's more likely to spread using pirated eBooks that are sent to a user's Kindle library - so there's another reason not to download ebooks from dodgy websites.

Advertisement

The news comes a day after Business Insider pointed out a loophole in the site's audio book retailer, Audible, that allowed anyone to download an unlimited amount of audio books for free.

Disclosure: Jeff Bezos is an investor in Business Insider through his personal investment company Bezos Expeditions.
Latest Stories
Indegene IPO: Company details to risk factors, all you need to know
Savouring Goa: 6 Irresistible culinary delights you must taste
Ultimate travel guide to Turkey for Indian tourists in 2024
India's satcom sector to take off as IN-SPACe allows Indian players access to international orbital data
India's satcom sector to take off as IN-SPACe allows Indian players access to international orbital data
Trending News
Next Article
Next Story
Popular Categories
Trending Right Now

Copyright @ 2024. Times Internet Limited. All rights reserved.For reprint rights. Times Syndication Service.