Flaw in Kindle Touch Browser Allows Attacker to Steal Root Credentials

A security hole that affects the web browser in Amazon’s Kindle Touch allows an attacker to execute arbitrary shell commands with root privileges if he can convince a user to navigate to a specially crafted webpage.

Furthermore, the vulnerability could be leveraged to gain access to the device’s operating system and steal the user’s Amazon account credentials, The H informs. A cybercriminal can use these credentials to make purchases on the victim’s behalf.

Researchers from heise Security have published a video to demonstrate the existence of the flaw in eBook readers that with the 5.1.0 firmware variant. They’ve managed to get the Kindle to send the /etc/shadow file – which contains the root password hash – to an arbitrary server.

Fortunately, Amazon is already working on a patch and some users are reporting that the newly shipped devices, which come with a 5.1.1 version of the firmware, are not susceptible to the attack.