[notimp]

This ventures into the area of risk assessment. There might be applications that can be used to bring untethered PDA functionality to Kindles, but what percentage of users is actually using them (Kindle as a primary note taking device that cant be tethered, ...), and is it high enough for an attacker to jump on that vector.

For very targeted attempts maybe, but as a broad concern, no way.

Responsible disclosure is important, if it is that open of a vector (even if it uses the webbrowser, not many people use the one on a Kindle - if the vector is a modified eBook that somehow can do code execution on its own, this would be the highest risk profile ("familiar" content loaded from unknown sources)).

Also a Kindle is not a device you can secure in any way against unwanted access to non system partitions - so there isnt even a reasonable presumption of security for personal documents.

The trick here is not to "imagine what is possible" but to be reasonable in the measures you take to allow for this to be fixed by the manufacturer, so the likelihood of it being exploited against user interests goes way down in addition to not being very high in the first place.

If Amazon doesnt respond, the practice in most cases is to release anyway - except if the risk profile is somehow seen as "exceptionally high". That is to promote manufacturers to move on security issues at all. Because it costs money.

Also, as this possibly is a first vector into understanding Amazons new proprietary file format - there even is heightened interest from a societal perspective.