Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Amazon Quietly Removes Device Encryption From Fire Devices

Amazon has decided to kill support for encryption on its Kindle Fire devices and quietly removed it from Fire HD and Fire HDX 8.9 devices with the release of Fire OS 5 in February.

Amazon has decided to kill support for encryption on its Kindle Fire devices and quietly removed it from Fire HD and Fire HDX 8.9 devices with the release of Fire OS 5 in February.

Fire OS 5 is based on the Android 5.0 Lollipop release, which was revealed in October 2014 with multiple security enhancements built in, including full device encryption enabled by default on first boot. 

To further boost the security of devices, Google announced in October 2015 that full-disk encryption was mandatory in devices running Android 6.0 Marshmallow. Thus, the company required that all manufacturers enabled the feature out-of-the-box for new devices that support a secure lockscreen and which have high memory resources.

Amazon’s Fire devices had encryption enabled, and users still running iterations of Fire OS 4 can take full advantage of the security feature. However, those who decided to upgrade to the newer Fire OS 5 platform release could no longer enjoy the same capabilities it seems.

Although it did not make an official announcement on the matter, Amazon did inform users on the change, and even suggested they refrain from upgrading to the newer OS version to continue taking advantage of encryption. Basically users need to choose from two equally bad options: update and leave their data unprotected, or continue running outdated software on their devices.

Users interested in installing the newer operating system version were also prompted to backup all of their data and perform a factory reset on their devices to remove encryption. As soon as the installation process was completed and Fire OS 5 was up and running, user data was no longer encrypted.

Many Kindle Fire users have noticed the change and started expressing their discontent on Amazon’s forum and on social media. According to Rick Dillon, Amazon even had a page on its support website explaining the encryption changes, but the page can no longer be found.

It certainly comes as a surprise that Amazon decided to remove such an important feature from its devices, even if Google provided manufacturers with the possibility to choose whether they would enable encryption or not on Android 5.0 products.

Contacted by SecurityWeek, Amazon said the move to weaken data security on its Fire devices was because customers weren’t using certain features.

“In the fall when we released Fire OS 5, we removed some enterprise features that we found customers weren’t using,” an Amazon spokesperson told SecurityWeek. “All Fire tablets’ communication with Amazon’s cloud meet our high standards for privacy and security including appropriate use of encryption.”

Amazon’s decision to deprecate encryption on Fire HD and Fire HDX 8.9 devices comes amid avid discussions regarding the security and privacy of smartphones and similar devices after Apple refused to help the FBI unlock the iPhone belonging to the San Bernardino Islamic terrorist.

Large tech companies, including Google, Microsoft, Facebook and Yahoo joined Apple’s legal fight over encryption Thursday, warning that a precedent would be created if the company is forced to unlock an encrypted device. FBI chief James Comey, on the other hand, said Tuesday that Americans need to know the safety implications if encryption makes it impossible to access data on smartphones and other devices.

*Updated with comment from Amazon

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...

Cybercrime

A database containing over 235 million unique records of Twitter users is now available for free on the web, cybercrime intelligence firm Hudson Rock...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...