
At Black Hat London, Thales engineer Valentino Ricotta demonstrated a critical Kindle vulnerability in the device's eBook file-parsing layer. A maliciously crafted eBook, including a side-loaded file that never passes through Amazon's store, could execute code on the device, steal the Amazon session cookies stored on it, and use those cookies to make one-click purchases against the linked credit card. Ricotta chained the parsing flaw with a second bug to take full control of the device, and noted that because Kindles are rarely power-cycled, such a compromise could persist for a long time.

Ricotta reported the issues to Amazon. Amazon told Tom's Guide that it had received the report, pushed automatic updates to the affected Kindle and Audible functionality before the presentation, and paid a $20,000 bug bounty, which Ricotta donated to charity. Both Amazon and the researcher say there is no evidence the flaw was exploited in the wild. The issue echoes the 2020 "KindleDrip" exploit, which was likewise patched and earned an $18,000 bounty.

For investors, the incident underscores a recurring attack surface in the ingestion of self-published and third-party content, where a single malformed file reaches a parser whose compromise exposes the account's session credentials. It also highlights Amazon's rapid remediation and active bug-bounty program as controls that have, so far, contained the reputational and operational impact. The piece carries a mildly negative sentiment but a limited market-impact signal; the risk profile would change on reports of active abuse, large consumer reimbursements, or slower-than-expected adoption of the update, since devices that have not yet pulled it remain exposed.
Overall sentiment: mildly negative (sentiment score -0.25)