Researchers discovered that an SSL flaw in Amazon’s Silk web browser could have been exploited by hackers to monitor users’ search engine traffic. Amazon Silk is a Chromium-based cloud-accelerated web browser developed for the company’s Kindle Fire tablets and Fire Phones. Similar to other browsers, Silk allows device owners to select which search engine they want to use – Google, Bing or Yahoo.
Researchers at security consultancy Nightwatch Cybersecurity discovered that if Kindle users select Google, Silk prevents redirection to the HTTPS version of the website, allowing attackers to launch man-in-the-middle (MitM) attacks and intercept the victim’s search traffic.
