
Amazon Kindle Browser Exposed Searches to MitM Attacks

Researchers discovered that an SSL flaw in Amazon’s Silk web browser could have been exploited by hackers to monitor users’ search engine traffic.

Amazon Silk is a Chromium-based cloud-accelerated web browser developed for the company’s Kindle Fire tablets and Fire Phones. Similar to other browsers, Silk allows device owners to select which search engine they want to use – Google, Bing or Yahoo.

Researchers at security consultancy Nightwatch Cybersecurity discovered that if Kindle users select Google, Silk prevents redirection to the HTTPS version of the website, allowing attackers to launch man-in-the-middle (MitM) attacks and intercept the victim’s search traffic.

When users access, they are normally redirected to the HTTPS version automatically, but that did not happen in Silk, which prevented the redirection. Experts pointed out that other Google domains, such as or, worked properly and redirected users to the SSL version of the site.
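A check a tester could run over a recorded redirect chain to tell the expected HTTPS upgrade apart from the behaviour described above. This is an added example, not code from the article or the researchers; the host `search.example`, the function name and the sample chains are constructed assumptions.

```python
from urllib.parse import parse_qs, urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def audit_redirect_chain(start_url, hops):
    """Walk a recorded chain of (status, Location-or-None) responses.

    Returns the last URL actually requested, whether it was HTTPS, and
    every query parameter that was sent over plain HTTP along the way.
    """
    url, requested, cleartext = start_url, [], {}
    for status, location in hops:
        requested.append(url)
        parts = urlsplit(url)
        if parts.scheme.lower() == "http":
            # Anything in this request's query string was readable on the wire.
            for name, values in parse_qs(parts.query).items():
                cleartext.setdefault(name, []).extend(values)
        if status in REDIRECT_CODES and location:
            url = urljoin(url, location)  # Location may be relative
        else:
            break
    final_url = requested[-1] if requested else start_url
    return {
        "final_url": final_url,
        "ends_on_https": urlsplit(final_url).scheme.lower() == "https",
        "cleartext_params": cleartext,
    }

# Constructed sample chains; search.example is a placeholder host.
UPGRADED = audit_redirect_chain(
    "http://search.example/",
    [(301, "https://search.example/"), (200, None)],
)
NOT_UPGRADED = audit_redirect_chain(
    "http://search.example/search?q=private+term",
    [(200, None)],
)
RELATIVE_HOP = audit_redirect_chain(
    "http://search.example/search?q=a",
    [(302, "/results?q=a"), (200, None)],
)

if __name__ == "__main__":
    for label, result in [("upgraded", UPGRADED), ("not upgraded", NOT_UPGRADED),
                          ("relative hop", RELATIVE_HOP)]:
        print(label, result)
```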

The vulnerability affected Silk v49.3.1 and it was patched by Amazon with the release of version 51.2.1. The researchers notified Amazon and Google about the flaw on May 1. Amazon addressed the issue by July 20, but it did not communicate with the experts – the company only sent them a generic response the day after the vulnerability report was sent.

When it was launched in 2011, Silk raised some security and privacy concerns, mainly due to the open connection maintained between the browser and Amazon’s servers. Experts were concerned about the implications of all web connections going through Amazon.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
