Dismiss this notice
ExpressVPN Valentines 2021 Giveaway - https://www.geeks.fyi/showthread.php?tid=14246

Dismiss this notice
Internet Download Manager Giveaway - https://www.geeks.fyi/showthread.php?tid=14245

Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Amazon Kindle RCE Attack Starts with an Email
#1
Information 
Quote:Three vulnerabilities in the Amazon Kindle e-reader would have allowed a remote attacker to execute code and run it as root – paving the way for siphoning money from unsuspecting users.
 
Yogev Bar-On, researcher at Realmode Labs, found that it was possible to email malicious e-books to the devices via the “Send to Kindle” feature to start a chain of attack – a discovery that earned him $18,000 from the Amazon bug-bounty program.
 
“The first vulnerability allowed an attacker to send an e-book to the victim’s Kindle device,” he explained in a Thursday posting. “Then, the second vulnerability was used to run arbitrary code while the e-book is parsed, under the context of a weak user. The third vulnerability allows the attacker to escalate privileges and run code as root.”
 
To make the attack work (which the researcher calls KindleDrip), an attacker would first need to know the email address assigned to the victim’s device. There’s also a predefined list of approved emails that any e-books would need to be sent from. According to Bar-On, neither requirement is much of a hurdle.
 
The special destination email address assigned by Amazon is typically just the user’s regular email under the kindle.com domain (e.g. name@gmail.com becomes name@kindle.com), which “can be brute forced,” he explained.
 
And as for the list of approved addresses, spoofing can easily get around this. “Email authentication is still not as widespread as you may think,” he wrote. “Since many email servers still don’t support authentication, it is not unreasonable to assume that Amazon will not verify the authenticity of the sender.” And indeed, he was able to spoof an email message to send an e-book to his own device.

Read more: https://threatpost.com/amazon-kindle-att...il/163282/
[-] The following 1 user Likes silversurfer's post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username:


Password:





[-]
Recent Posts
How to use Google Chrome Flags to enable...
Google Chrome a...harlan4096 — 13:45
Novel Email-Based Campaign Targets Bloom...
A new e-mail-based...silversurfer — 13:03
Mozilla Fixes Firefox Flaw That Allowed ...
The Mozilla Foundat...silversurfer — 12:58
Threat actors stole driver license numbe...
Threat actors stol...silversurfer — 12:55
NitroRansomware Asks for $9.99 Discord G...
The NitroRansomwar...silversurfer — 12:53

[-]
Birthdays
Today's Birthdays
avatar (40)wapedDow
Upcoming Birthdays
avatar (46)steakelask
avatar (40)Termoplenka
avatar (38)bycoPaist
avatar (44)pieloKat
avatar (38)ilyagNeexy
avatar (46)donitascene
avatar (46)Toligo

[-]
Online Staff
There are no staff members currently online.

>