There is a widespread myth that cybercriminals rarely consider an e-book reader to be a desirable catch, with computers, tablets, and smartphones being the primary targets instead.
This is not entirely true. E-book readers are also on the hacker radar because they store more valuable information than simply a book collection. There is a risk of ending up with stolen credentials and a compromised home network.
Marijus Briedis, CTO at NordVPN tells Digital Journal how to protect an e-book reader from being hacked.
Briedis outlines the problem: “An e-book reader is more like a computer than a traditional paper book, and like any other electronic device connected to the IoT network, they are also vulnerable to cyberattacks. Criminals are least interested in the e-book collection because readers, like Kindle, Nook, or Kobo, actually store much more valuable data”.
There are different means by which cybercriminals attempt to extract information from e-readers. Some of these are listed out by Briedis: “Creating malicious digital books and tricking readers into downloading and opening them is one of the most common ways to compromise e-book readers. A few years ago, cybercriminals already used this method and Kindle device vulnerabilities to cause privacy issues for users of the most popular e-book reader.”
Another concern is with the behaviours of users of e-readers. Briedis sets these out: “There are three main categories of readers who usually become victims of this kind of malware attack. One is people who look for a book to download for free instead of buying it from a reputable e-bookstore. Another category is readers who want to read a book in their native language but cannot find it translated to buy and then look for the book on alternative and, usually, piracy websites. The third group of people are literature enthusiasts who are trying to discover new talented writers and download self-published e-books. Cybercriminals often play the curiosity card as well”.
Aside from e-readers, the act of downloading books onto other devices also presents concerns. Briedis identifies these as: “Nevertheless, apart from the Amazon Kindle, dedicated e-book readers are pretty rare. Most people use devices with Android or other operating systems to read e-books. This exposes them to cybersecurity and privacy threats relevant to every tablet or smartphone and require certain security and privacy tools to protect themselves.”
In terms of the damage that can be caused, this extends to: “While attackers could simply delete user e-books from compromised readers and cause severe financial loss, usually, pranks are not the main reason why readers become targets for criminals. There are a few reasons why cybercriminals are interested in hacking e-book readers.”
Listing out what can go wrong, Briedis first identifies: “The most popular book readers are connected to e-bookstores, like Kindle is with Amazon. By hacking into one of these devices, a threat actor could steal any information stored on the device, including Amazon account credentials to billing information. This information can be sold on the dark web and raise severe privacy and even financial issues for the owner of a compromised e-book reader”
With the second risk area, Briedis finds: “Since most readers are connected to local internet networks, like home networks, cybercriminals can convert the reader into a malicious bot, enabling it to attack other devices in the local network, including computers, smartphones, or even smart home gadgets.”
To guard against these concerns, there are measures that readers can adopt. Briedis outlines some preventive measures:
Download books from official e-bookstores
Briedis advises: “You should always download e-books from recognized, reputable stores. While Amazon or Kobo are the most obvious choices, there are many smaller but reputable e-bookstores that are often managed by publishers. This will help to significantly reduce the risk of downloading an infected file.”
Update the software of your e-book reader
Briedis recommends: “Software updates fix security flaws and protect your device data. Security updates often come at the wrong time, but you should install them as soon as possible to repair your device’s vulnerabilities.”
Use tools to monitor the dark web and receive warnings about your credential leak
Briedis draws out: “For example, NordVPN’s dark web monitoring feature continuously scans dark web sites for your credentials, alerting you to each discovery so that you can take steps to protect the vulnerable account.”