Over the years there have been dozens of different jailbreaking methods and various hacks for Kindles, and every time Amazon closes one loophole someone discovers a new way to hack a Kindle’s software.
A good example of this recently came to light with something called KindleDrip.
A researcher discovered three vulnerabilities in Kindle software that together can allow hackers to make purchases using your credit card, and they could also sell ebooks on the Kindle store and transfer money to their account.
All a hacker would need to figure out is your Kindle’s email address, which apparently isn’t that difficult to ascertain since it’s based on the regular email address you use for your Amazon account. Then they could send an ebook with links that open the web browser to a page that contains a malicious image that allow hackers access to private credentials from the device.
Amazon reportedly fixed the problem in the last 5.13.4 software update that was released in December, so if your Kindle is still running older software you might want to update it.
As noted in the conclusion of the KindleDrip article, this could also have been used to jailbreak the newest Kindle devices. Some people get frustrated by how closed down Kindle software is but reasons like this are why Amazon doesn’t want to keep any loopholes open and why they make hacking Kindles so difficult.
There haven’t been any reports of hackers using this method to get access to anyone’s accounts, but the video below shows what’s possible with the older firmware. The researcher reported the exploit to Amazon back in October and was awarded $18k in bounties.