Kindle Fire Security: Burn Them. Burn Them All.

My Kindle Fire automagically updates itself whenever Amazon decides it should. Sometimes an update produces a notice that an app (why don’t we call them “programs” these days?) needs more permissions, but the process generally goes unremarked.

This one wasn’t subtle at all:

Kindle Fire - File Expert Trojan warning


I had just fired up File Expert, which immediately dimmed the screen and presented a dialog box with only two unpalatable choices. Here’s a closeup:

Kindle Fire - File Expert Trojan warning - detail


Well, what would you do?

Needless to say, I didn’t press the Download Now button; it probably wouldn’t have worked anyway, because I turned off the Allow Installation of Applications from Unknown Sources option a long time ago. Pressing Exit bails out of the program app and returns to the Home screen.

Some questions immediately spring to mind:

  • If the app has been compromised, exactly how did it regain control and complain about the situation?
  • If this is truly a compromised app, why wouldn’t the Trojan just download malware without asking?
  • How did this pass the ahem QC and auditing that allegedly justifies having a sole-source Amazon App Store? After all, I can load random crap from the Interweb onto a PC all by myself.
  • How does one validate the origin of those random security questions that regularly appear on various computer screens? Why wouldn’t malware just pop up a random dialog box asking for the password, any password, and gleefully use whatever you type?

This appears to be a false positive, as explained there. I assume that any malware worth its salt would also kill off any built-in integrity checking, but what do I know? It’s gone missing from the storefront, probably cast forth into the outer darkness away from the light of Kindle Fires…


  1. #1 by ewf on 2012-12-02 - 10:59

    Hmmm!
    app <- program
    devop <- programmer (if granted direct access to end-user)

  2. #2 by Raj on 2012-12-03 - 06:48

    The language tells me that the notice you saw is not official and may be a malware – I don't have one so I can't say more!

    • #3 by Ed on 2012-12-03 - 07:58

      The language tells me that the notice you saw is not official and may be a malware

      That was my first thought, too, but the author is “Xian Geek”, which suggests English is, at best, a second language, and pretty nearly everybody has been cutting him (her?) some slack on that. His English is far better than my (nonexistent) Mandarin…