Researchers discovered that an SSL flaw in Amazon’s Silk web browser could have been exploited by hackers to monitor users’ search engine traffic.
Amazon Silk is a Chromium-based cloud-accelerated web browser developed for the company’s Kindle Fire tablets and Fire Phones. Similar to other browsers, Silk allows device owners to select which search engine they want to use – Google, Bing or Yahoo.
Researchers at security consultancy Nightwatch Cybersecurity discovered that if Kindle users select Google, Silk prevents redirection to the HTTPS version of the website, allowing attackers to launch man-in-the-middle (MitM) attacks and intercept the victim’s search traffic.
When users access google.com, they are normally redirected to the HTTPS version automatically, but Silk prevented that redirection. Experts pointed out that other Google domains, such as google.ru or google.fr, worked properly and redirected users to the SSL version of the site.
The vulnerability affected Silk v49.3.1 and it was patched by Amazon with the release of version 51.2.1. The researchers notified Amazon and Google about the flaw on May 1. Amazon addressed the issue by July 20, but it did not communicate with the experts – the company only sent them a generic response the day after the vulnerability report was sent.
When it was launched in 2011, Silk raised some security and privacy concerns, mainly due to the open connection maintained between the browser and Amazon’s servers. Experts were concerned about the implications of all web connections going through Amazon.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
