Oct 04, 2011

Is the Kindle Fire insecure? And how do analysts know this already?

The Amazon Kindle Fire isn't due out for a month, but already I've heard that security experts are worried about it being a security threat. How can this be the case, and how do they know? Amazon says it doesn't ship until November. Is there a way for them to fix the (potential) security problems before they ship it?

Hi bralphye,

Here's an interesting article that delves into the Silk browser service Amazon is including with the Kindle Fire. It is possible to turn off the cloud based browsing (though you might pay a speed price for doing so) if that's a privacy concern.

How Amazon Kindle Fire's Silk Web Browser Works

"Despite the improvements in the quality of mobile hardware—both phone and tablet—the speed of web content still remains under the domain of those hosting it. It doesn't matter how fast your hardware is when the real bottleneck is located at the point entry. To solve this problem, Amazon has offered to offload this work onto its own servers. While not the first browser to act as a middleman in serving content (Opera's been doing it for ages), Amazon is using their portfolio of server technologies to do more than compress images and pre-render pages."

The main security issue known so far with the Amazon Kindle Fire is the way that it handles web browsing. Because the way that it surfs the web is broken into two components so the "heavy lifting" can be done on the Amazon cloud side (resulting in better performance from the low-cost device), SSL is broken - it cannot possibly work because for Amazon to break apart the web processing, they're basically performing what amounts to a "man in the middle" attack on any web browsing you perform on the device. I'm not sure if there's a fix - if there will be any way to turn off the Amazon cloud-based processing. We'll have to wait until the device is actually in people's hands before experts will be able to diagnose methods for making the device more secure.

Answer this