A serious security hole in the web browser of Amazon’s Kindle touch E-Book reader has been identified, actually when a user navigates to specially crafted webpage then the kindle will execute arbitrary shell commands as root and by this an hacker can steal the access



credentials for the Amazon account linked to the Kindle even hacker can Purchase books with kindle user’s account. 

For more than One year the Kindle browser has been considered to be in “beta”, this status does not reduce the risk for inquisitive users as the software is installed on each device by default, at the Heise security a Video demonstration has been made by H’s associates which will show you to manage to get the Kindle to send the /etc/shadow file – which contains the root password hash – to an arbitrary server. 

This Hole has been described about three months ago but at that time but failed to take attention of people. 



This site uses Akismet to reduce spam. Learn how your comment data is processed.