SSL Certificate

Vulnerabilities in Amazon Silk Browser Could Allow MitM Attacks

July 26, 2016 | By Comodo SSL

Cyber security experts have discovered that the Amazon Silk browser does not protect privacy and ignores SSL searches. For those of you who don’t know about the Amazon Silk browser – it is a web browser that has been developed by Amazon for its Kindle Fire tablets and Fire phones.

Amazon claims that its Silk browser creates a very strong connection between Kindle Fire devices and Amazon’s servers (Elastic Compute Cloud – EC2). The Silk browser is based on the Chromium project – the Google Chrome. The Silk browser works in a unique manner – while some part of the processing takes place on the browser, the rest of the processing takes place on the EC2 servers.

Silk Browser

Amazon Silk browser + Google search engine

When searches are performed on the Amazon Silk browser using Google search engine, the chance for an attack or exploitation is pretty high as the browser has a severe bug that seems to disregard SSL security standards that must be followed. Furthermore, the browser also prevents redirection to the SSL version of Google’s search engine – “https” which is a more secure version of the standard Google search engine.

Attempts to access the google web page – “http://www.google.com” would normally redirect the web page to the SSL version “https://www.google.com“; however, in the Amazon Silk browser, it does not get redirected. This vulnerability has presently been fixed by Amazon in its latest version after cyber security experts pointed out the case. Check your browser version now. If you are on  Amazon Silk browser with version less than v51.2.1, then you are vulnerable. Immediately upgrade your browser to stay safe from hackers.

The Amazon Silk browser  has other vulnerabilities too. All web activity that takes place through the browser happens through the EC2 servers. Though this improves the performance of the browser, it is not popular among many users.

The MitM vulnerability observed in this browser is basically a design flaw. In order to keep yourself protected try to use a more robust browser that connects to websites with SSL certificates. Further, keep your OS and web browser updated to protect yourself from malware attacks and vulnerability exploits.

SSL Certificates

<<
Learn more about ssl certificates

Ssl certificate influence on consumer decision making >>

Posted in SSL Certificate

Be Sociable, Share!

Leave a Comment


 


* fields are mandatory