Quote:
Originally Posted by Branch Delay
- - - - -
#3 -- A few people are concerned about malicious actors using this to brick devices. I wouldn't be. Assuming someone wants to spend the equivalent of tens of thousands of dollars to brick a $100 Kindle..up to them? Would patch as soon as you can though.  |
The security of electronic devices has to be based on possibilities, not (just) probabilities.
Remote bricking of a device in the case of the Kindles?
As B.D. writes: "why bother?".
BUT
- There is no way to know if anything other than e-books is being stored on a Kindle.
In fact, the applications in the Kindle Menu package make it very easy to store 'information' other than books.
I'll save the casual reader from searching for that reference -
Kindle Menu brings a lot of "PDA style" applications to the Kindle.
- The Kindles already have all of the info-structure required to do silent software (malware) distribution preinstalled and running.
A "Simda Style" Botnet is a very real possibility.
(a "what's that" ref: https://www.us-cert.gov/ncas/alerts/TA15-105A)
- Kindles are not used **exclusively** as stand-alone computers.
They can be attached to any computer and will appear as a USB storage device.
USB storage devices are an all too common distribution vector of malware, including botnet malware.
With that possibility, the information sources to be mined and/or harvested is vastly expanded from that which would be stored on the Kindle itself.
My point above being that it is not the probabilities that are the determining factor, but the possibilities.