Amazon Awards $18,000 for Exploit Allowing Kindle E-Reader Takeover
Amazon has distributed an $18,000 bug bounty to a researcher who discovered an exploit that allowed an attacker to take complete control over a Kindle e-reader device, just by knowing the targeted user’s email address. The attack is referred to as KindleDrip and was first identified in October of 2020 by Israeli cybersecurity researcher Yogev Bar-On. KindleDrip required the exploitation of three different vulnerabilities, all of which have been addressed and patched by Amazon.
The first vulnerability in the exploit chain related to a feature in which users could send an e-book in MOBI format to their Kindle device through email as an attachment. Amazon generated a random @kindle .com address to complete this feature. What Bar-On discovered was that this feature could be abused to execute arbitrary code on the targeted device. The user only had to click on a link inside an e-book that contained the malicious file.