Could Kindle web access allow an email hijack?

Alison C · 01-20-2011, 12:21 AM

This morning my email account was hijacked by spammers, who sent an email to pretty much everyone I've ever emailed (not just the addresses in my Contacts). It's a Gmail account, and I've never had this sort of problem before.

The only thing I can think of that I've done differently is that yesterday I used my Kindle to access emails; just playing with it at home to try it out really. When I'd finished I just went back to the book I was reading, without signing out from Gmail on the Kindle. (This may well have been stupid of me.)

Maybe I'm paranoid or ignorant or both, but could the fact that I didn't sign out of Gmail on the Kindle have allowed the spammers access to my account somehow? The Kindle has not left the house in the intervening period, and access is via my home wireless network.

The spammers were operating from an IP address in China; I've changed my password, followed some security settings advice from Gmail Help, and submitted a report to Gmail. I'd appreciate any comments or advice from people with more technical and Kindle knowledge than me (that's pretty much everyone!).

Coincidentally I have a computer technician coming round tomorrow to deal with issues I've been having about slow running and odd error messages relating to a plugin-exe application error; I'll ask him about this issue as well, but it's likely that he's never seen a Kindle before, as they're not exactly common here yet.

Alison

kranu · 01-20-2011, 12:44 AM

No, my Gmail account has never been hacked. I doubt that what you claim is true.

Assuming you have a WiFi Kindle, you connected through your own internet. The connection never went through Amazon's servers.

Chances are your computer is virus-infected, and needs to get cleaned; not the Kindle. Why would hackers target a Kindle when PC's are so much more of a bigger target?

FF2 · 01-20-2011, 01:11 AM

I don't know if it is kindle related but within the last month, there was discussion of an addon for Firefox which allows its user to grab or hijack an account once the user logs on to it. In other words, after you enter your password and are authenticated, the user of this software is ON YOUR ACCOUNT and can do things with it. I don't recall much more but it was yet another scary article about the insecurities of the web and wifi.

Ah, found a link to some site where it is mentioned:

http://www.wonderhowto.com/how-to-us...etwork-405854/

kranu · 01-20-2011, 01:20 AM

Quote:

Originally Posted by FF2

I don't know if it is kindle related but within the last month, there was discussion of an addon for Firefox which allows its user to grab or hijack an account once the user logs on to it. In other words, after you enter your password and are authenticated, the user of this software is ON YOUR ACCOUNT and can do things with it. I don't recall much more but it was yet another scary article about the insecurities of the web and wifi.

Ah, found a link to some site where it is mentioned:

http://www.wonderhowto.com/how-to-us...etwork-405854/

That wouldn't work unless someone from China flew over to her house, connected to HER network, collected her password, and flew back to China. Okay that's exaggerated. But what are the chances of someone coming along and hacking her network...

HarryT · 01-20-2011, 01:22 AM

I agree with the previous posters; the Kindle has nothing to do with this.

m0ngr31 · 01-20-2011, 02:04 AM

Quote:

Originally Posted by FF2

I don't know if it is kindle related but within the last month, there was discussion of an addon for Firefox which allows its user to grab or hijack an account once the user logs on to it. In other words, after you enter your password and are authenticated, the user of this software is ON YOUR ACCOUNT and can do things with it. I don't recall much more but it was yet another scary article about the insecurities of the web and wifi.

Ah, found a link to some site where it is mentioned:

http://www.wonderhowto.com/how-to-us...etwork-405854/

I didn't read the article, but I'm guessing it's referring to FireSheep? The only place you really have to worry about that is in public wifi areas, like Starbucks or something unless the attacker gets in through your wireless. But chances are that if they know how to break your wifi encryption, they also know that arp poisoning is much more effective than FireSheep will ever be.

99% chance that you've got some virus/malware that's mining your data and sending it to China (especially if you've got a computer tech coming over to look at slowness and error messages since those are red flags for viruses). Get yourself a firewall on your computer so you can see exactly what it is sending to the internet and you won't have most of your problems.

avantman42 · 01-20-2011, 02:32 AM

Quote:

Originally Posted by Alison C

This morning my email account was hijacked by spammers, who sent an email to pretty much everyone I've ever emailed (not just the addresses in my Contacts). It's a Gmail account, and I've never had this sort of problem before.

The only thing I can think of that I've done differently is that yesterday I used my Kindle to access emails;

I can understand that it looks an awful lot like the two things are related, but it's just a coincidence.

Quote:

Originally Posted by Alison C

When I'd finished I just went back to the book I was reading, without signing out from Gmail on the Kindle. (This may well have been stupid of me.)

If you don't sign out of your GMail, then someone could pick up your Kindle and get to your GMail. On the other hand, staying logged in is more convenient since you won't have to re-enter your password next time you want to check GMail on your Kindle. Logging out is more secure, but less convenient. Only you can decide whether the extra security is worth the inconvenience.

If you do leave it logged in, and decide that it was a bad idea (eg if you leave your Kindle on a bus/train/whatever), you can log into GMail from another machine, then log out all other sessions. This GMail help page has more information about that.

Quote:

Originally Posted by Alison C

slow running and odd error messages relating to a plugin-exe application error;

These are much more likely to be the cause of your GMail hijacking. As others have said, it's extremely unlikely to be related to using your Kindle to check your GMail.

avantman42 · 01-20-2011, 02:43 AM

Following up on this, and to respond to the more general question of "Could Kindle web access allow an email hijack?", rather than the specifics of your situation.

One thing I would strongly recommend is that you check that the 'Always use https' setting is enabled. It used to default to disabled, but now defaults to enabled. If you signed up to GMail when the default was for it to be disabled, I don't know if it would have been changed. There is more information, including instructions on how to set it, at this GMail help page.

Enabling the 'Always use https' setting means that all data sent between your Kindle (or PC, laptop, whatever) and GMail is encrypted, which makes it much more difficult for anyone to eavesdrop on your connection, whether you connect via wi-fi, 3G or something else.

Alison C · 01-20-2011, 03:58 AM

Thanks, everyone, for these helpful replies.

Quote:

I doubt that what you claim is true.

Kranu, I don't think I "claimed" anything - I asked a question, and specifically offered up the possibilities that I was being paranoid and/or ignorant! I wanted to ask the question here because if there were a Kindle-related problem it's much more likely that people here would know about it than my local computer technician.

I'm reassured that the consensus is that it's not the Kindle; thanks, all. Avantman42, I followed the Gmail help instructions this morning, including enabling "always use https", which was disabled when I looked at my settings. MOngr31, we do have a firewall, but I'd have to confess I have no idea how to check up on what's going in or out - hence calling in an expert!

Thanks again; much appreciated.

Alison

avantman42 · 01-20-2011, 04:23 AM

Quote:

Originally Posted by Alison C

I'm reassured that the consensus is that it's not the Kindle; thanks, all. Avantman42, I followed the Gmail help instructions this morning, including enabling "always use https", which was disabled when I looked at my settings.

I'm glad you found it helpful. Just one thing to bear in mind with using HTTPS, though - it secures the data as it travels from your computer (or Kindle, mobile phone, whatever) to Google's server. If someone can get at the data on your computer (most likely by getting a trojan or virus onto it), HTTPS won't help. It's a good thing to have enabled, but it won't prevent every possible attack.

Russ

01-20-2011, 12:21 AM	#1
Alison C Enthusiast Posts: 46 Karma: 5714 Join Date: Nov 2010 Location: Somerset, UK Device: Kindle Paperwhite wifi	Could Kindle web access allow an email hijack? This morning my email account was hijacked by spammers, who sent an email to pretty much everyone I've ever emailed (not just the addresses in my Contacts). It's a Gmail account, and I've never had this sort of problem before. The only thing I can think of that I've done differently is that yesterday I used my Kindle to access emails; just playing with it at home to try it out really. When I'd finished I just went back to the book I was reading, without signing out from Gmail on the Kindle. (This may well have been stupid of me.) Maybe I'm paranoid or ignorant or both, but could the fact that I didn't sign out of Gmail on the Kindle have allowed the spammers access to my account somehow? The Kindle has not left the house in the intervening period, and access is via my home wireless network. The spammers were operating from an IP address in China; I've changed my password, followed some security settings advice from Gmail Help, and submitted a report to Gmail. I'd appreciate any comments or advice from people with more technical and Kindle knowledge than me (that's pretty much everyone!). Coincidentally I have a computer technician coming round tomorrow to deal with issues I've been having about slow running and odd error messages relating to a plugin-exe application error; I'll ask him about this issue as well, but it's likely that he's never seen a Kindle before, as they're not exactly common here yet. Alison

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Email from Web Browser	timctrahan	Calibre	18	09-19-2010 01:09 AM
Kindle web access question	anniep	Amazon Kindle	5	11-22-2009 04:15 PM
Calibre & web access	Nate the great	Calibre	4	03-03-2009 08:14 PM
Problem with BookDesigner Trying to Access the Web	QuantamPulse	Workshop	6	09-04-2008 12:41 AM

01-20-2011, 12:44 AM	#2
kranu I <3 my Kindle Posts: 528 Karma: 51332 Join Date: Nov 2010 Location: United States Device: Kindle 3G + WiFi	No, my Gmail account has never been hacked. I doubt that what you claim is true. Assuming you have a WiFi Kindle, you connected through your own internet. The connection never went through Amazon's servers. Chances are your computer is virus-infected, and needs to get cleaned; not the Kindle. Why would hackers target a Kindle when PC's are so much more of a bigger target?

01-20-2011, 01:11 AM	#3
FF2 Wizard Posts: 1,105 Karma: 1025784 Join Date: Oct 2010 Device: WiFi Kindle3	I don't know if it is kindle related but within the last month, there was discussion of an addon for Firefox which allows its user to grab or hijack an account once the user logs on to it. In other words, after you enter your password and are authenticated, the user of this software is ON YOUR ACCOUNT and can do things with it. I don't recall much more but it was yet another scary article about the insecurities of the web and wifi. Ah, found a link to some site where it is mentioned: http://www.wonderhowto.com/how-to-us...etwork-405854/

01-20-2011, 01:22 AM	#5
HarryT eBook Enthusiast Posts: 85,544 Karma: 93383043 Join Date: Nov 2006 Location: UK Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6	I agree with the previous posters; the Kindle has nothing to do with this.

01-20-2011, 02:43 AM	#8
avantman42 Wizard Posts: 1,090 Karma: 6058305 Join Date: Sep 2010 Location: UK Device: Kindle Paperwhite	Following up on this, and to respond to the more general question of "Could Kindle web access allow an email hijack?", rather than the specifics of your situation. One thing I would strongly recommend is that you check that the 'Always use https' setting is enabled. It used to default to disabled, but now defaults to enabled. If you signed up to GMail when the default was for it to be disabled, I don't know if it would have been changed. There is more information, including instructions on how to set it, at this GMail help page. Enabling the 'Always use https' setting means that all data sent between your Kindle (or PC, laptop, whatever) and GMail is encrypted, which makes it much more difficult for anyone to eavesdrop on your connection, whether you connect via wi-fi, 3G or something else.