The Trojan Book: How a Malicious E-book Can Hijack Your Entire Amazon Account
A security researcher has demonstrated how a “booby-trapped” e-book can turn an ordinary Kindle into a gateway to a user’s Amazon account—granting access to payment details and even enabling one-click purchases. Valentino Ricotta crafted a malicious book and showed that once such a file is loaded onto the device, it can yield full control over the linked Amazon account.
Ricotta said he was struck by how deceptively “domestic” and unobtrusive the Kindle appears, despite being constantly connected to the internet, maintaining long battery life, and preserving an active Amazon session. As a result, a successful compromise could give an attacker not only access to personal data and stored card information, but also the ability to use the Kindle as a springboard into the home network or other devices registered under the same Amazon account.
The vulnerabilities were found in Kindle software components responsible for scanning and extracting data from audiobooks—code that exists on the device even though the reader itself cannot play audio files. Ricotta also uncovered a flaw in the on-screen keyboard. By chaining these weaknesses together, he forced the Kindle to load malicious code and was able to steal session cookies—tokens that effectively grant account access.
According to the researcher, the most immediate risk applies to users who sideload books onto their Kindles from third-party websites rather than through the Amazon store, often in bulk and via USB. Ricotta emphasized that damage is possible even if the device is offline at the moment of transfer; what matters is the implicit trust placed in the files and their sources.
Ricotta reported the findings to Amazon. Both issues were classified as “critical” and subsequently patched; he received a $20,000 bug-bounty award, which his employer, Thales, donated to charity. Amazon confirmed that the vulnerabilities affecting Kindle devices and Audible functionality have been resolved, and that all impacted readers have received automatic updates.
Experts note that while the attack is technically complex, it vividly illustrates a familiar lesson: systems have many entry points, and each must be secured. Professor Alan Woodward of the University of Surrey likened the situation to locking the front door while leaving a window open, adding that such weaknesses often go unnoticed because devices are considered secondary. Professor George Lucas of the University of Greenwich also recalled that Kindle vulnerabilities have surfaced before, but stressed that this attack—leveraging audiobook processing in particular—was executed with unusual precision, a concern made more acute by the popularity of audio content and the high value of access to an Amazon account.