While trying to discover a future Hemingway or Remarque, you might end up with stolen credentials and a compromised home network, warns a cybersecurity expert.
There is a widespread myth that cybercriminals rarely consider an e-book reader to be a desirable catch, with computers, tablets, and smartphones being the primary targets instead. This is not entirely true. Bookworms and their beloved e-book readers are also on the hacker radar because they store more valuable information than a book collection.
“An e-book reader is more like a computer than a traditional paper book, and like any other electronic device connected to the IoT network, they are also vulnerable to cyberattacks. Criminals are least interested in the e-book collection because readers, like Kindle, Nook, or Kobo, actually store much more valuable data,” says Marijus Briedis, CTO at NordVPN.
Confirmed Methods to Get into Your E-library
Creating malicious digital books and tricking readers into downloading and opening them is one of the most common ways to compromise e-book readers. A few years ago, cybercriminals already used this method and Kindle device vulnerabilities to cause privacy issues for users of the most popular e-book reader.
“There are three main categories of readers who usually become victims of this kind of malware attack. One is people who look for a book to download for free instead of buying it from a reputable e-bookstore. Another category is readers who want to read a book in their native language but cannot find it translated to buy and then look for the book on alternative and, usually, piracy websites. The third group of people are literature enthusiasts who are trying to discover new talented writers and download self-published e-books. Cybercriminals often play the curiosity card as well,” Briedis says.
Nevertheless, apart from the Amazon Kindle, dedicated e-book readers are pretty rare. Most people use devices with Android or other operating systems to read e-books. This exposes them to cybersecurity and privacy threats relevant to every tablet or smartphone and require certain security and privacy tools to protect themselves.
Threat to Much More Than Just books
While attackers could simply delete user e-books from compromised readers and cause severe financial loss, usually, pranks are not the main reason why readers become targets for criminals. There are a few reasons why cybercriminals are interested in hacking e-book readers.
First, the most popular book readers are connected to e-bookstores, like Kindle is with Amazon. By hacking into one of these devices, a threat actor could steal any information stored on the device, including Amazon account credentials to billing information. This information can be sold on the dark web and raise severe privacy and even financial issues for the owner of a compromised e-book reader.
Secondly, since most readers are connected to local internet networks, like home networks, cybercriminals can convert the reader into a malicious bot, enabling it to attack other devices in the local network, including computers, smartphones, or even smart home gadgets.
How to Protect an E-book Reader from Being Hacked
Marijus Briedis, CTO at NordVPN, advises to take these preventive measures:
- Download books from official e-bookstores. You should always download e-books from recognized, reputable stores. While Amazon or Kobo are the most obvious choices, there are many smaller but reputable e-bookstores that are often managed by publishers. This will help to significantly reduce the risk of downloading an infected file.
- Update the software of your e-book reader. Software updates fix security flaws and protect your device data. Security updates often come at the wrong time, but you should install them as soon as possible to repair your device’s vulnerabilities.
- Use tools to monitor the dark web and receive warnings about your credential leak. For example, NordVPN’s dark web monitoring feature continuously scans dark web sites for your credentials, alerting you to each discovery so that you can take steps to protect the vulnerable account.
