Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Amazon Quietly Removes Device Encryption From Fire Devices

Amazon has decided to kill support for encryption on its Kindle Fire devices and quietly removed it from Fire HD and Fire HDX 8.9 devices with the release of Fire OS 5 in February.

Amazon has decided to kill support for encryption on its Kindle Fire devices and quietly removed it from Fire HD and Fire HDX 8.9 devices with the release of Fire OS 5 in February.

Fire OS 5 is based on the Android 5.0 Lollipop release, which was revealed in October 2014 with multiple security enhancements built in, including full device encryption enabled by default on first boot. 

To further boost the security of devices, Google announced in October 2015 that full-disk encryption was mandatory in devices running Android 6.0 Marshmallow. Thus, the company required that all manufacturers enabled the feature out-of-the-box for new devices that support a secure lockscreen and which have high memory resources.

Amazon’s Fire devices had encryption enabled, and users still running iterations of Fire OS 4 can take full advantage of the security feature. However, those who decided to upgrade to the newer Fire OS 5 platform release could no longer enjoy the same capabilities it seems.

Although it did not make an official announcement on the matter, Amazon did inform users on the change, and even suggested they refrain from upgrading to the newer OS version to continue taking advantage of encryption. Basically users need to choose from two equally bad options: update and leave their data unprotected, or continue running outdated software on their devices.

Users interested in installing the newer operating system version were also prompted to backup all of their data and perform a factory reset on their devices to remove encryption. As soon as the installation process was completed and Fire OS 5 was up and running, user data was no longer encrypted.

Advertisement. Scroll to continue reading.

Many Kindle Fire users have noticed the change and started expressing their discontent on Amazon’s forum and on social media. According to Rick Dillon, Amazon even had a page on its support website explaining the encryption changes, but the page can no longer be found.

It certainly comes as a surprise that Amazon decided to remove such an important feature from its devices, even if Google provided manufacturers with the possibility to choose whether they would enable encryption or not on Android 5.0 products.

Contacted by SecurityWeek, Amazon said the move to weaken data security on its Fire devices was because customers weren’t using certain features.

“In the fall when we released Fire OS 5, we removed some enterprise features that we found customers weren’t using,” an Amazon spokesperson told SecurityWeek. “All Fire tablets’ communication with Amazon’s cloud meet our high standards for privacy and security including appropriate use of encryption.”

Amazon’s decision to deprecate encryption on Fire HD and Fire HDX 8.9 devices comes amid avid discussions regarding the security and privacy of smartphones and similar devices after Apple refused to help the FBI unlock the iPhone belonging to the San Bernardino Islamic terrorist.

Large tech companies, including Google, Microsoft, Facebook and Yahoo joined Apple’s legal fight over encryption Thursday, warning that a precedent would be created if the company is forced to unlock an encrypted device. FBI chief James Comey, on the other hand, said Tuesday that Americans need to know the safety implications if encryption makes it impossible to access data on smartphones and other devices.

*Updated with comment from Amazon

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Data Protection

While quantum-based attacks are still in the future, organizations must think about how to defend data in transit when encryption no longer works.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...