Amazon’s Kindle Fire tablet was the hot present this past Christmas, and by all accounts consumer demand hasn't slowed since, so expect the devices to appear any day now on an enterprise network near you if they haven't already. However, there are plenty of privacy and security reasons that should make network administrators think twice about letting these Android-based devices connect to the internal corporate network.
At first glance, Kindle Fire security seems adequate. Users can set a password that is required to unlock the device, and a recent platform update added an option to require that password before Wi-Fi can be used. Unfortunately, Android is the mobile platform most heavily targeted by malware authors, and new flaws in it are disclosed constantly. That makes any Android device, the Kindle Fire included, hard to secure in an enterprise environment, and enterprises should question the viability of any Android device as an enterprise endpoint unless compensating technical controls, such as a mobile device management (MDM) or network access control (NAC) product, are in place.
However, the platform itself is not the Kindle Fire's biggest security issue. Its Silk Web browser, built on the WebKit rendering engine with its own steady stream of disclosed vulnerabilities, gives even more cause for concern.
Silk uses a split architecture: the browser subsystems exist both on the Kindle Fire and in Amazon Web Services. Each time a page is requested, Silk can dynamically offload some of the processing to Amazon's servers, which improves page-load times and lets the tablet get by with low-end hardware; that is a large part of why it carries such an attractive price tag. It is a clever solution to the problems of Web browsing on a mobile device. However, the reduced latency and smoother browsing come at a cost, namely reduced privacy. When a page is requested in this mode, Silk retrieves a copy assembled on Amazon Elastic Compute Cloud (EC2), which means Amazon has a complete record of the Web activity on that device. Browsers from Opera and Research In Motion Ltd. (BlackBerry) have both used server-side page compression, but this is on a different scale altogether. Amazon's own Silk FAQ states that SSL requests are routed directly from the device to the origin server rather than through its cloud, so the proxying covers plaintext HTTP browsing; an enterprise should verify that behaviour on its own traffic rather than take it on trust.
Worse yet, each Kindle Fire is tied to an Amazon account, and Silk’s terms and conditions state that Amazon keeps the Web addresses visited from that device for 30 days. With that information, Amazon can profile all Web activity by the user, including browsing and buying habits. If Amazon's servers were breached in any way, a user’s personal data, possibly including credit card information, could be at risk, a concern that Congress has also raised. A user’s entire Web history makes an attractive target for hackers, and a court order could result in it being handed over to government agencies or a competitor’s lawyers. There are plenty of enterprise data privacy issues in play as well, which organizations should weigh before allowing the devices to be used in a business context. To preserve some privacy, enterprises should require that Kindle Fire users run Silk in off-cloud mode (turn off "Accelerate page loading" in Silk's settings) so that requests no longer pass through Amazon’s servers. This also avoids being affected if Amazon has another major EC2 outage.
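One way to check whether an off-cloud-mode policy is actually being followed is to look at the Web server logs of the sites your users visit. The script below is an added example and is not code from the article; it scans access-log lines in the common Apache/nginx "combined" format and flags requests made by Silk in accelerated (cloud) mode. It assumes the Silk user-agent string of the time carried a trailing "Silk-Accelerated=true" or "Silk-Accelerated=false" token; that format, and the sample log lines themselves, are constructed for this example.

```python
import re
from collections import Counter

# Constructed sample lines in Apache/nginx "combined" log format, written for
# this example only. The Silk user-agent layout, and in particular its trailing
# "Silk-Accelerated=true|false" token, is an assumption about the browser as it
# shipped at the time, not something the article states. In cloud mode the
# request reaches the origin from Amazon's fleet, so the source address logged
# is not the tablet's; 203.0.113.45 is a documentation (TEST-NET-3) placeholder.
SAMPLE_LOG = """\
203.0.113.45 - - [09/Jan/2012:10:14:02 +0000] "GET /portal/payroll.html HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (Linux; U; Android 2.3.4; en-us; Silk/1.0.13.81_10003810) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 Silk-Accelerated=true"
10.1.4.57 - - [09/Jan/2012:10:15:40 +0000] "GET /portal/wiki/index.html HTTP/1.1" 200 8871 "-" "Mozilla/5.0 (Linux; U; Android 2.3.4; en-us; Silk/1.0.13.81_10003810) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 Silk-Accelerated=false"
10.1.4.88 - - [09/Jan/2012:10:16:05 +0000] "GET /portal/wiki/index.html HTTP/1.1" 200 8871 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7"
"""

# Combined log format: ip ident user [timestamp] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
ACCEL_RE = re.compile(r'Silk-Accelerated=(true|false)', re.IGNORECASE)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify_ua(ua):
    """Return 'silk-cloud', 'silk-offcloud', 'silk-unknown' or 'other' for a user-agent string."""
    if 'Silk/' not in ua:
        return 'other'
    m = ACCEL_RE.search(ua)
    if not m:
        # A Silk build whose UA lacks the token: cannot tell which mode it is in.
        return 'silk-unknown'
    return 'silk-cloud' if m.group(1).lower() == 'true' else 'silk-offcloud'


def audit(log_text):
    """Scan log text and return (findings, summary).

    findings: one dict per request made by Silk in cloud (accelerated) mode,
              i.e. a page fetched on the tablet's behalf by Amazon's servers.
    summary:  Counter of requests per classification, plus 'unparsed' lines.
    """
    findings = []
    summary = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            summary['unparsed'] += 1
            continue
        mode = classify_ua(rec['ua'])
        summary[mode] += 1
        if mode == 'silk-cloud':
            findings.append({'ip': rec['ip'], 'ts': rec['ts'], 'path': rec['path']})
    return findings, summary


if __name__ == '__main__':
    hits, counts = audit(SAMPLE_LOG)
    print(dict(counts))
    for h in hits:
        print(f"Silk cloud mode: {h['ip']} fetched {h['path']} at {h['ts']}")
```

Two caveats when using this against real logs: a cloud-mode hit's source address belongs to Amazon's fleet, not to the tablet, so tying the finding back to a particular user has to go through whatever authentication the site performs; and intranet-only hosts that Amazon's servers cannot reach will never show a cloud-mode entry, so the check belongs on Internet-facing or extranet servers.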
On a positive note, Silk's device-to-cloud connection uses SPDY, which multiplexes requests over a single TLS-encrypted connection, so that leg of the traffic is protected from eavesdroppers on the local Wi-Fi network in a way plain HTTP is not; it does nothing, of course, to hide the traffic from Amazon. Also, Amazon is copying Apple Inc.’s walled-garden model and requiring developers to submit their apps to Amazon for review before they can be listed for download. Currently, mobile device management apps with Kindle support are only just becoming available and are largely unproven, which adds to the security challenge. Users cannot access Android Market to look for one either, but given Android’s problems with malicious apps, that is probably a good thing.
Kindle Fire is first and foremost a device designed for purchasing content from Amazon. Given that it is not a multi-purpose business tool in the iPad mold, there is not much of a business case to support its use at work. The Android platform and Silk browser security issues noted above should serve as the basis for a strong anti-Fire argument with your organization's technology decision-makers. As of today, the only way to confidently mitigate the security risks posed by the Kindle Fire is to keep the devices off the corporate network altogether.
About the author:
Michael Cobb, CISSP-ISSAP, is a renowned security author with more than 15 years of experience in the IT industry and another 16 years of experience in finance. He is the founder and managing director of Cobweb Applications Ltd., a consultancy that helps companies to secure their networks and websites, and also helps them achieve ISO 27001 certification. He co-authored the book IIS Security and has written numerous technical articles for leading IT publications. Michael is also a Microsoft Certified Database Administrator and a Microsoft Certified Professional.