Amazon’s Kindle e-reader is a popular device that has been on the market since 2007, with approximately 100 million Kindles in use around the world today.
The primary purpose of the Kindle is to let users read books. Slava Makkaveev, security researcher at Check Point Software Technologies, had another idea, though: he wanted to see if he could load an e-book that would exploit the Kindle. At the DEF CON 29 conference, Makkaveev outlined the process by which he was able to exploit a Kindle with a malicious e-book that he built.
“Personally, I use Kindle a lot, but I have never heard about a malicious e-book,” Makkaveev said. “That was the reason for me to research how to make such a book that could be used to gain root access remotely and take full control of a Kindle device.”
Makkaveev noted that users typically connect their Kindle devices to a Wi-Fi network. While Wi-Fi could potentially have been used as an entry point to attack the Kindle, in his view using an e-book to reach the device is much simpler and would also allow mass attacks.
There are several ways that Kindle users can get books, including directly through Amazon, transferred via USB, or via email. There are also free online libraries that are open, where it is easy for anyone to upload and download e-books.
“An attacker can easily upload a malicious e-book for free download, because no one expects to see malware targeting the Kindle,” Makkaveev said. “Most libraries only care about the correctness of the metadata in the uploaded book, so when downloading an e-book from an online library you can never be sure of its contents.”
Within the Kindle
Makkaveev explained that the Kindle operating system is essentially the Linux kernel with a set of native programs, largely provided by the BusyBox open source framework.
Many e-books are read by the Kindle operating system as PDF files. There are many different things that can be embedded inside a PDF file, so Makkaveev focused his research on learning how the Kindle actually parses the data it displays to users. During his research he discovered a pair of vulnerabilities.
The first vulnerability is identified as CVE-2021-30354 and is an integer overflow in the Kindle’s JBIG2 decoding algorithm for rendering the words from a PDF file. The overflow could enable an attacker to potentially overwrite specific bits of memory on a Kindle device.
“Now we have a remote code execution vulnerability in the context of the PDF reader process,” Makkaveev said.
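The article names the bug class (an integer overflow in an image decoder) but gives no detail of the Kindle's code. The following is an added, hypothetical illustration of that class and its fix, not Check Point's or Amazon's code: a constructed bitmap header whose width and height multiply past 32 bits, with the unchecked size computation beside an overflow-checked one.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed header: dimensions as a decoder would read them from a
 * file-controlled region segment. Names are invented for this example. */
struct bitmap_hdr { uint32_t width; uint32_t height; };

/* Unchecked size: width * height is done in 32 bits and silently wraps, so a
 * huge image gets a tiny buffer and later pixel writes land past its end. */
uint32_t unchecked_size(const struct bitmap_hdr *h) {
    return h->width * h->height;  /* wraps modulo 2^32 */
}

/* Hardened size: reject zero dimensions, use an overflow-checked multiply,
 * and enforce an absolute cap so the decoder never allocates from a wrapped
 * or absurd value. Returns 0 and writes *out on success, -1 on rejection. */
int checked_size(const struct bitmap_hdr *h, size_t max_bytes, size_t *out) {
    size_t bytes;
    if (h->width == 0 || h->height == 0) return -1;
    if (__builtin_mul_overflow((size_t)h->width, (size_t)h->height, &bytes)) return -1;
    if (bytes > max_bytes) return -1;
    *out = bytes;
    return 0;
}

int main(void) {
    /* Constructed hostile header: 0x10000 * 0x10001 = 0x100010000,
     * which wraps to 0x10000 (65536) in 32-bit arithmetic. */
    struct bitmap_hdr evil = { 0x10000u, 0x10001u };
    size_t n;
    printf("unchecked: %u bytes\n", unchecked_size(&evil));
    printf("checked: %s\n",
           checked_size(&evil, (size_t)64 << 20, &n) ? "rejected" : "accepted");
    return 0;
}
```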
With the first vulnerability it is possible to access special internal files on a Kindle, but an attacker would still be somewhat limited. What Makkaveev wanted was to gain remote root access on a Kindle, free of any restrictions. That is where the second vulnerability comes in, providing a local privilege escalation exploit identified as CVE-2021-30355.
In a brief demo, Makkaveev showed how the full attack works: he was able to load a malicious e-book on a Kindle and then take over the device remotely. When the user clicks on the book, the malicious payload hidden in the book connects to a remote server, providing a reverse shell that locks the user’s screen with a window.
“As you can see, we get root permissions, so we can do whatever we want,” he said.
An attacker could potentially steal a victim’s Amazon account, delete books, turn the Kindle into a bot to attack other devices, or simply brick the device, rendering it useless.
Makkaveev concluded his presentation by noting that he reported the issues to Amazon in February 2021 and they have now been fixed.
Some parts of this article are sourced from: