image credit: unsplash
The attack, dubbed KindleDrip, was discovered in October 2020 by Yogev Bar-On, a researcher at Israel-based cybersecurity consulting firm Realmode Labs. KindleDrip involved the exploitation of three different security holes, all of which were addressed by Amazon.
The first vulnerability in the exploit chain was related to the “Send to Kindle” feature, which allows users to send an e-book in MOBI format to their Kindle device via email as an attachment. Amazon generates an @kindle.com email address where a user can send e-books as an attachment from a list of email addresses approved by the user.
Comments are closed.
