New kindle - security question

[Space cat]

I hope I'm in the right forum here. Our other half has recently acquired a kindle and I've been loading it with (free) books. I've discovered that you can transfer books directly from Amazon onto the kindle and you don't even have to be on your home computer to do it.

But now I've been thinking. In order to get those books, the kindle must have gone out onto the internet - through our router and its firewall - to download them from Amazon all by itself. What's more, I didn't even have to tell it that books were available. I just switched it on and there they were! Does this constitute a hole in our network security?

 

[Spark123]

Is your home wireless network password protected i.e. WPA2 PSK?
Another thought, do you connect it to an internet enabled PC using a USB lead to charge it?

 

[rjm2k]

either

it's a 3G kindle
or
someone entered your network info and forgot
or
your network is open
or
your neighbours network is open

 

[Monkeh]

He never said he didn't connect it to his network.

He just doesn't understand that it's able to make a connection outside by itself.

 

[Space cat]

Is your home wireless network password protected i.e. WPA2 PSK?

Yes it is - and it has MAC address filtering too.

He just doesn't understand that it's able to make a connection outside by itself.

That was the bit that surprized me. I knew that I could switch it on and tell it to go to Amazon's website. To get it to do that, I had to give it the WPA pass phrase and also tell the router its MAC address. What I wasn't expecting was that it can, apparently, connect any time it likes. Even as I type this, it says it's downloading books - and all I did was unplug the USB lead.

I don't have any symptoms of a security breach at the moment. I was just wondering whether anything undesirable could exploit the connection. It doesn't appear in my list of network places on the PC so I guess that's a good thing but it does appear as a disc drive when I charge it through the USB lead so any software running on the kindle has access to files on the PC.

Or am I just being paranoid?

 

[Monkeh]

Is your home wireless network password protected i.e. WPA2 PSK?

Yes it is - and it has MAC address filtering too.

Which is totally, 100% worthless.

He just doesn't understand that it's able to make a connection outside by itself.

That was the bit that surprized me. I knew that I could switch it on and tell it to go to Amazon's website. To get it to do that, I had to give it the WPA pass phrase and also tell the router its MAC address. What I wasn't expecting was that it can, apparently, connect any time it likes. Even as I type this, it says it's downloading books - and all I did was unplug the USB lead.

I don't have any symptoms of a security breach at the moment. I was just wondering whether anything undesirable could exploit the connection. It doesn't appear in my list of network places on the PC so I guess that's a good thing but it does appear as a disc drive when I charge it through the USB lead so any software running on the kindle has access to files on the PC.

Or am I just being paranoid?

You're being paranoid based on a movie-like concept of computer security.. There is no security issue. It's no different from Windows checking for updates regularly. Or your clock updating from the net daily (yes, it does that, at least on Windows 7). Or hell, your browser reaching a website without you having to go and confirm every one of the dozens of connections required. Your firewall does not work the way you think.

Don't leave the wireless on. It murders the battery life.

 

[Space cat]

It's no different from Windows checking for updates regularly.

OK, you convinced me. I would only have a problem if I downloaded a trojan and I'm pretty sure Amazon don't have any in stock! But why is MAC address filtering worthless? Good tip on turning wireless off by the way. I've just done it.

 

[Monkeh]

But why is MAC address filtering worthless?

Because anyone who can crack WPA in the firstplace can use your MAC address and bypass that entirely.

 

[Space cat]

Because anyone who can crack WPA in the firstplace can use your MAC address and bypass that entirely.

Well that one made me think because it wasn't obvious how you would get through the MAC filter to get a connection in the first place.

But I think I can see the answer. Do you intercept the wireless signal, crack the encryption and extract the MAC address of the computer that sent it? After that, you just have to spoof the MAC address on your own computer and you're in.

 

[joinerjohn]

I've tried hacking some of my neighbours wifi routers (just so I could still get on the internet , should my Virgin Media connection drop). Takes far too long though and because I'm using a Linux OS, it all has to be done through the command line.

 

[Monkeh]

Because anyone who can crack WPA in the firstplace can use your MAC address and bypass that entirely.

Well that one made me think because it wasn't obvious how you would get through the MAC filter to get a connection in the first place.

But I think I can see the answer. Do you intercept the wireless signal, crack the encryption and extract the MAC address of the computer that sent it? After that, you just have to spoof the MAC address on your own computer and you're in.

Bingo. Although you can always see the MAC address. It really is the most pointless 'security' option going.