Security hole in Kindle Touch web browser gives attackers root


A security hole in Amazon's Kindle Touch web browser allows an attacker to run shell commands with root privileges if they can convince a user to navigate to a specially crafted webpage.

This vulnerability allows attackers to access the eBook reader's underlying Linux system at the highest privilege level and potentially steal the access credentials for the Amazon account linked to the Kindle, or purchase books with the Kindle user's account, The H-online reports.

The security hole was originally detailed on the MobileRead forum in May but hasn't attracted much attention.

Researchers from Heise security have created a proof-of-concept video to demonstrate the existence of the security hole in eBook readers with the 5.1.0 firmware variant. They’ve managed to get the Kindle to send the /etc/shadow file – which contains the root password hash – to an arbitrary server.

H-online points out that Amazon's Security department is working on a patch and also suggests that some new Kindle Touch devices are already being shipped with updated 5.1.1 firmware. The issue doesn't appear to affect any other Kindle models.