Be careful what you read on the Kindle – Computer Point

Rome – The problem would be present for months, at least since last October, but until now no one had spoken openly: the Amazon account linked to a Kindle device, those used to purchase physical goods and electronic and to synchronize content between different devices, are vulnerable to attack from ebook . If the metadata of a book are modified to include a link to a malicious script can happen Account Amazon Anyone can possess it and do what he wants information and credit card in it, at least until it is discovered .

The vulnerability lies in the way in which Amazon manages the metadata, in particular the title of a book or its author, when a user loads an ebook on cloud platform essendoselo procured elsewhere: a common procedure that simplifies not little material management, especially for those who have several readers or using different types of devices in addition to the Kindle (eg smartphones and tablets) for reading. When you press the button to send the book to your device triggered the trap: if someone has entered a string like script src = https: //www.example.org/script.js in the intended title or author’s name, the code can be found at the specified address is executed. At that point, anything can happen.

The question is tricky because this information is spreading in the network, and there are very good chances that someone decides to change the books stored in archives not exactly legal (there are plenty available on ebook Torrent, just as an example) to exploit the weakness of the Kindle. Therefore, anyone who decides to take advantage of “free” of these unconventional methods for the supply of books and manuals may have to deal with this danger. And the number of users is dedicated to the electronic piracy of books seems to be growing not by chance that Harper Collins has begun to “brand” their digital volumes with a new type of watermark , invisible to the reader but perfectly traceable in the network. The publisher can then trace the origin of the distribution channels “alternative” of its shares, even and especially in the case of a text is not yet public is circulated before the settlement date.

At this time, anyway, that metadata of e-books is not the only headache that Amazon is facing with regard to its sale of books in alternative format: also the Audible service , the umbrella under which the company distributes in Seattle audiobooks, apparently suffering from some defect subscription management, so as to allow for the purchase of books and subscriptions without being verified the goodness of the data entered for payment. The discovery was made a young Indian user, Alan Joseph, but Amazon about it wanted to make a clarification: in this case would not be so much a matter of safety, but rather to hoax perpetrated on the service. And, as such, will be treated in all cases where it is identified.

Luca Annunziata