Engadget
Published: Tue, 16 Sep 2014 07:51:00 GMT

Kindle security flaw can be exploited by hidden codes in e-books

Next time you come across a Kindle e-book link somewhere other than Amazon itself, you may want to make sure it's not some dubious website before you hit download or "Send to Kindle." A security researcher by the name of Benjamin Daniel Musser has discovered that the "Manage Your Kindle" page contains a security hole -- one that hackers can take advantage of with the help of e-books hiding malicious lines of code. Once you load the Kindle Library with a corrupted e-book (typically with a subject that includes <script src="https://www.example.org/script.js"></script>), a hacker gets access to your cookies, and, hence, your Amazon account credentials.
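
The flaw described above is a page that prints e-book metadata into its HTML without encoding it. The following is an added example, not Amazon's code or anything from Musser's report: it renders a library row with and without output encoding, plus an ingestion-side check for tag-like metadata. The function names, the `title` and `author` field names and the sample book are assumptions made for illustration.

```javascript
// Added example; all names here are hypothetical, not Amazon's implementation.

// Constructed sample: metadata as an uploaded e-book file might supply it.
// The markup in the title is the placeholder tag quoted in the article.
const sampleBook = {
  title: 'Collected Stories <script src="https://www.example.org/script.js"></script>',
  author: "A. Writer",
};

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode the five characters that can change HTML structure.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: metadata is concatenated into the page as-is, so a tag
// in the title becomes a live element when the library page loads.
function renderRowUnsafe(book) {
  return "<tr><td>" + book.title + "</td><td>" + book.author + "</td></tr>";
}

// Hardened pattern: every metadata field is encoded at output time, so the
// same title is displayed as text and never parsed as markup.
function renderRowSafe(book) {
  return "<tr><td>" + escapeHtml(book.title) + "</td><td>" + escapeHtml(book.author) + "</td></tr>";
}

// Ingestion-side check: flag fields containing tag-like text for review.
// This supplements output encoding; it does not replace it.
function looksLikeMarkup(value) {
  return /<\s*\/?\s*[a-zA-Z!]/.test(String(value));
}

function flaggedFields(book) {
  return Object.keys(book).filter((key) => looksLikeMarkup(book[key]));
}

console.log("unsafe:", renderRowUnsafe(sampleBook));
console.log("safe:  ", renderRowSafe(sampleBook));
console.log("flagged fields:", flaggedFields(sampleBook));
```

Because the article notes the bug returned after a page overhaul, assertions like these are worth keeping as a regression test on whatever template renders user-supplied metadata.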

Based on the updates Musser wrote at the bottom of the report's web page, he first discovered the flaw in October last year. Amazon patched it up shortly after he reported it, but it made its way back after a "Manage Your Kindle" overhaul. Still, he believes the issue should be easy to avoid, so long as you don't download e-books (pirated or otherwise) from websites you don't know.

Aside from Kindle, another Amazon-owned service was also thrust into the spotlight earlier for exhibiting a security flaw. Audible, the company's audiobooks service, apparently allowed users to use fake emails and credit card numbers in order to download as many files as they wanted. An Audible spokesperson stressed, however, that transactions made using fake credit cards were "closed quickly" and that the service takes credit card fraud seriously.