The attacker would not need physical access to the vulnerable Fire Tablet. Researchers outlined the proof of concept for the attack in their post. Security researcher Yakov Shafranovich is credited with discovering the vulnerability.
#Amazon fire hd 8 hack update
“Most Kindle devices will automatically update to the latest version but users who disabled updates should update to the latest version,” researchers said. Thursday’s notice is the first public disclosure of the flaw in accordance with Nightwatch Cybersecurity’s vulnerability disclosure guidelines. “Customers do not need to take any action as their devices have been automatically updated with security fixes for this issue.” “Customer trust is important to us and we take security seriously,” an Amazon spokesperson told Threatpost. MitM attacks can be used not only to manipulate content, but have been used to inject malicious code into targeted devices or used to coax victims into following rogue links and downloading booby-trapped files.
#Amazon fire hd 8 hack serial number
That in turn leaves traffic and the serial number of the device wide open for remote attackers to observe and tamper with. These settings lack HTTPS, which encrypts data between the browser and website. Specifically, the lack of HTTPS support impacts HTML-based content identified as Settings, Legal and Compliance, Terms of Use and the Privacy sections, a Nightwatch Cybersecurity spokesperson told Threatpost. The root cause of the vulnerability, CVE-2019-7399, is in the setting section of FireOS, which lacks HTTPS for some content, researchers said. “While monitoring network traffic on a test device, we observed that several calls from the settings section are done without HTTPS and can be injected with malicious content by an MitM attacker,” according to a post outlining the flaw. Public disclosure of the vulnerability was Thursday Feb. The issue was discovered in FireOS v5.3.6.3 in September and fixed by the vendor in v5.3.6.4, which was released in November 2018. The Fire Tablet (formerly known as the Kindle Fire) is Amazon’s budget slate that runs on Amazon’s FireOS operating system. Researchers with Nightwatch Cybersecurity on Thursday said that the FireOS operating system is open to a limited context man-in-the-middle attack, where an attacker could secretly relay and possibly alter communications to inject malicious content. The bug could also allow an adversary to capture the serial number of the tablet. A vulnerability in the operating system of Amazon’s Fire Tablets could allow a hacker to inject malicious content into Settings, Legal and Compliance, Terms of Use and Privacy sections of the device.
0 kommentar(er)
