
Amazon Kindle Browser Exposed Searches to MitM Attacks

Researchers discovered that an SSL flaw in Amazon’s Silk web browser could have been exploited by hackers to monitor users’ search engine traffic.

Amazon Silk is a Chromium-based cloud-accelerated web browser developed for the company’s Kindle Fire tablets and Fire Phones. Similar to other browsers, Silk allows device owners to select which search engine they want to use – Google, Bing or Yahoo.

Researchers at security consultancy Nightwatch Cybersecurity discovered that if Kindle users select Google, Silk prevents redirection to the HTTPS version of the website, allowing attackers to launch man-in-the-middle (MitM) attacks and intercept the victim’s search traffic.

When users access google.com, they are normally redirected to the HTTPS version automatically, but Silk prevented that redirection. Experts pointed out that other Google domains, such as google.ru or google.fr, worked properly and redirected users to the SSL version of the site.
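
An added example, not from the article or from the researchers' report: a check that audits a recorded redirect chain for the condition described above, a search query sent over plain HTTP with no upgrade to HTTPS. The host search.example, the `q` parameter name, the status codes and the three traces are constructed for illustration.

```python
from urllib.parse import parse_qs, urljoin, urlsplit

def audit_chain(hops, param="q"):
    """Audit one navigation for cleartext exposure of a search query.

    hops: ordered list of (request_url, status, location_header_or_None).
    """
    if not hops:
        raise ValueError("empty redirect chain")
    exposed, upgraded = [], False
    for i, (url, status, location) in enumerate(hops):
        scheme = urlsplit(url).scheme
        if scheme == "http":
            # Anything in the URL of a plain-HTTP request is readable on-path.
            exposed += parse_qs(urlsplit(url).query).get(param, [])
        if 300 <= status < 400 and location:
            target = urljoin(url, location)  # Location may be relative
            if i + 1 < len(hops) and hops[i + 1][0] != target:
                raise ValueError(f"hop {i + 1} does not follow the redirect")
            if scheme == "http" and urlsplit(target).scheme == "https":
                upgraded = True
    if urlsplit(hops[-1][0]).scheme == "http":
        verdict = "cleartext"        # results page itself served over HTTP
    elif exposed:
        verdict = "upgraded-late"    # HTTPS in the end, query already sent in clear
    else:
        verdict = "https-only"
    return {"verdict": verdict, "upgraded": upgraded, "exposed_queries": exposed}

# Constructed traces (not captured from Silk or from any real search engine).
NO_UPGRADE = [("http://search.example/search?q=test+query", 200, None)]
UPGRADED = [
    ("http://search.example/search?q=test+query", 301,
     "https://search.example/search?q=test+query"),
    ("https://search.example/search?q=test+query", 200, None),
]
HTTPS_ONLY = [("https://search.example/search?q=test+query", 200, None)]

if __name__ == "__main__":
    for name, trace in [("no upgrade", NO_UPGRADE), ("upgraded", UPGRADED),
                        ("https only", HTTPS_ONLY)]:
        print(name, audit_chain(trace))
```

The "upgraded-late" verdict marks a chain that ends on HTTPS but whose first request already carried the query over plain HTTP.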

The vulnerability affected Silk v49.3.1 and it was patched by Amazon with the release of version 51.2.1. The researchers notified Amazon and Google about the flaw on May 1. Amazon addressed the issue by July 20, but it did not communicate with the experts – the company only sent them a generic response the day after the vulnerability report was sent.

When it was launched in 2011, Silk raised some security and privacy concerns, mainly due to the open connection maintained between the browser and Amazon’s servers. Experts were concerned about the implications of all web connections going through Amazon.


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
