Does Your Kindle Fire Need Virus Protection?

Send to Kindle

* * *

Today’s post is brought to you by ESET Smart Security, the tech security product I’ve used for years and love. Advertisers make it possible for Digital Media Mom to bring you great content each day for free, so thanks for your support.

* * *

Does a Kindle Fire need an antivirus program?

Note: Kindle Fire HDX owners, please see this more recent post, which is specific to the HDX line - Kindle Fire HDX Antivirus: Do You Need It?

 

In a word, at this point in time, assuming you haven’t hacked your Fire and don’t “sideload” apps to it, no. Not really.

While it’s true that the Kindle Fire runs on the Android platform, and there have been numerous reports of hackers targeting phones that run on the Android platform, that doesn’t mean they’re also targeting your Kindle Fire. Here are the reasons why:

The Kindle Fire runs on a custom, Amazon-proprietary version of Android. The only people who would know how to write a malicious program or script that could run on the Fire’s custom version of Android are the software engineers who helped to create it. Disgruntled employees are not rare, but this factor alone prevents existing malware collectives from easily exploiting the Kindle Fire as a platform for spreading their wares. And if a disgruntled employee from Amazon were to attempt some kind of attack, she’d still be stymied by numerous other factors. Read on.

Hackers target Android phones in order to make bogus charges to those phones’ billing statements. The bogus charges are paid to—big surprise—the hacker or his employer, usually located somewhere offshore where they’re impossible to locate or prosecute. Since all versions of the Kindle Fire currently on the market are not capable of making calls, this type of hack is not applicable to the Kindle Fire.

While it’s true that hackers could theoretically find a way to tack bogus charges on to the monthly data plan employed on the Kindle Fire 4G, this is not too likely because the key to success for hackers is proliferation: maximizing the spread of the malware. See the next item on this list, below.

The Kindle Fire is not a proliferation-friendly device. At present, Kindle Fires cannot communicate directly with one another, nor with any other mobile devices. In fact, the only way a Fire can communicate directly with another computing device is via USB cable, when you connect it to your computer.* Hacks designed to work on the Fire’s custom version of Android will not work on a Windows PC or a Mac.

*6/13/13 UPDATE: there are now some apps available that allow for file transfers or video/audio streaming from other computing devices to and from your Fire via a wifi connection. But again, since any malware designed to attack your Fire wouldn’t work on some other device (and vice-versa), regardless of wifi connection capability the Fire still isn’t a proliferation-friendly device for malware.

A clever hacker might think he could stash some Windows or Mac malware on your Fire and then unleash it next time you connect to your PC, but it’s not a very effective attack since all PCs and Macs are different and many Kindle Fire owners never connect via USB at all. Typically, malware creators send out automated robots online that seek out the PCs and/or Macs that are already in the optimal configuration to hide and spread their malicious programs. Arranging to have the malicious programs stow away on a Fire would take a lot of work, and quite often would fail to get the desired results.

Anyway, that type of attack would have no effect on your Fire. At the point where malware is transferred from your Fire or any other device to your PC or Mac, it’s your PC or Mac’s virus/malware protection software that needs to take over because it’s your PC or Mac that’s at risk.

Amazon vets all apps for malware before listing them in its App Store. While sites like Kapersky claim the Amazon App Store has numerous examples of malware in its app catalog, if you read such reports in full you’ll find what they’re really talking about is “bloatware”, not malware. Bloatware is a largely useless piece of software (or app) that claims to provide some useful functionality (like extending battery life) when in fact most of what it does is push advertising on you or collect data about your device and internet usage to sell to marketers. Malware, on the other hand, actually does damage to the devices it attacks, whether in the form of bogus phone charges, data theft and/or destruction, or even hardware damage.

The best way to avoid bloatware is to check user reviews and permissions requirements before buying or downloading a new app. Apps that demand permissions that don’t seem to be necessary for the functionality the app provides are highly suspicious. To learn more about all the types of permissions apps may require and what each one means, see this article on Technically Personal.

So long as you’re only getting your apps from the Amazon App Store and you’re not hacking your Fire’s software, you’re being about as safe as you can be. “Sideloading” apps means manually copying apps from sources other than the Amazon App Store (or any other large, reputable app provider, like Google Play) onto your Fire. That kind of activity definitely opens a door for possible malware attacks, as does hacking your Fire.

Since Amazon is greatly invested in ensuring Fire owners use and love their devices, Amazon is just as greatly invested in preventing any kind of malware attacks on the Fire. If you only ever get your apps from Amazon and don’t hack your device, you are doing about as much as you possibly can to prevent a malware attack on your Fire.

The Kindle Fire doesn’t have the multi-tasking, multi-threading capabilities malware requires to do its work. You may have noticed that it’s impossible to have more than one “window” open on your Fire at any given time. While it is possible to play music in the background while you use the Fire for other tasks, you can never have another window open and running in the background while you’re doing something else in a different window. Malware needs the capability of running another window in the background without your becoming aware of it in order to do its dirty work. Any script that needs to open your Fire’s browser or mail program can only open one or the other of those windows, and the instant it does so, you will know about it because whatever you were doing at the time will immediately come to a halt when the new window opens.

When the first Kindle Fire malware attack inevitably occurs, if history is any indication, it will be via a previously unknown or unexpected avenue. Hackers are absolute geniuses at finding and exploiting software vulnerabilities, and it’s probably only a matter of time before they find a way to make use of the Kindle Fire for their dastardly purposes. However, hackers are also very much aware of existing antivirus / anti-malware technology, and all significant attacks of the past have always exploited an opening that no antivirus / anti-malware software ever saw coming.

Bottom line: if having an antivirus program on your Fire eases your mind, or you’ve found such an app that provides some additional functionality you’d like to have, then go ahead and get an antivirus app for your Fire. But you don’t really need it, and it most definitely will not protect your Fire from future hacks.

 

This is a reprint of an article I originally wrote for Kindle Fire on Kindle Nation Daily. It is provided here in its entirety with that site’s permission.

* * *

And now, a word from our sponsor…

ESET Smart Security is the preferred antivirus/security software of many tech professionals, including me, but it’s very easy to use and is designed with non-techie consumers in mind. I’ve been using it for over five years, and in all that time I’ve never had a security breach or malware problem. Better yet, ESET software is currently being offered at a discount of up to 70% off on Amazon. A 1-user version is currently on sale for $18 (70% off), and the 3-user version is currently priced at just $33 (59% off), both for a full 1-year subscription that includes all updates. I renew my 3-user ESET subscription every year at full price and I think it’s totally worth the money, so if prices are back up to full retail by the time you’re reading this, ESET is STILL a great value.

* * *

Print Friendly

13 Comments

  1. Comment by Carol:

    I am new to kindle I just got a 1st generation and love it! It works so well! Does amazon put out software updates for the first generation still? It would be nice to categorize and group bookmarks for example. Also to download and save text/graphic files from recipe or craft websites that offer a print option. I am not a great tecchy at all but I think this is just called html. Anyhow the article is very informative; and it is nice knowing there is not much motivation to hack the system. :)

    • Comment by Mom:

      There hasn’t been a software update on the First Generation Kindle Fire since the HD models were released. It’s actually kind of nice, that you’re not having to wait for updates to install all the time, like with Windows Update. Regarding printing or saving/downloading web content, see this DMM article: Printing From Kindle Fire, Printing From Android. It discusses options for hard copy printing as well as “printing” to PDF format using an app, which will allow you to keep a PDF copy of whatever you “print” on your Fire.

  2. Comment by Kent:

    Not sure if you know the answer but if someone does sideload an app (from say 1 mobile marketplace), can a virus or a hacker potentially gain access to your Amazon account without your knowledge? Thanks!

    • Comment by Mom:

      While I have not heard of anything like this happening yet, it seems theoretically possible. I keep my security settings such that I must provide my Amazon password for any purchases from my Fire, but if you have it set so that your password is stored and automatically entered for you instead, that would make it easier for a potential attacker to get. When the password is stored on the device it is encrypted, but hackers have all kinds of tools to break or get around encryption. While I have sideloaded apps from HumbleBundle (I trust this source), I’ve avoided sideloading anything else from any other sources—even Google Play—because from time to time I’ll hear about malware being hidden in apps from various marketplaces.

      I’d suggest you change your settings such that your Amazon password must be re-entered for every Amazon purchase (this includes in-app purchases) and avoid sideloading apps from questionable sources.

      • Comment by Kent:

        Thanks for the input. I think I will do just that and make sure the password must be entered each time. Great advice and very nice blog. Thanks again.

  3. Comment by Carole:

    At the bottom of Word with Friends a notice came up saying I had 3 virus and have a web page to download an anti virus app, is that a scam or legitimate

    • Comment by Mom:

      Scam. Any such notice coming from a source you don’t know about—as opposed to coming from an antivirus software you installed yourself—cannot be trusted.

  4. Comment by Sean:

    Although the article was very informative and logical, I still wonder about the FBI ransomware that has gone everywhere.

    • Comment by Mom:

      The FBI Ransomware trojan, which is also known as the FBI MoneyPak virus, has yet to crop up on any tablet or smartphone. This Trojan is apparently only designed to work on PCs and (more recently) the Mac OS X operating system. This is probably because getting rid of it on a mobile device is as simple as resetting the device to factory defaults. Thanks for your question; I’ll be writing a post about this today.

  5. Comment by Mike:

    I have had my Kindle Fire HD for about 5 months now and love it. However, an interesting thing happened to me after the first, and only, time that I accessed my gmail account from my Kindle. My email account was used to send out spam about some “money-making opportunity”. Now, I had a very strong password and had never before had my account compromised. After I discovered what had happened, I changed my password. I’ve not used my Kindle to access my gmail account again. I like your article and it makes sense, but I can’t help noting the fact that the ONLY thing that had changed for me before my password was compromised was using my Kindle to access my account. So, I’ve got to double-check with you — wouldn’t installing keyloggers on Kindles be an easy way to access people’s accounts like this? And another question — what can I do to detect / eliminate a malware infection if indeed I do have one?

    • Comment by Mom:

      I believe what you are describing was a coincidence. Even if the timing happened to make it appear that this problem began after you accessed your gmail from your Fire, since gmail doesn’t “live” on any of your devices (it’s accessed through a web browser and its content is stored on Google’s servers) it doesn’t make sense to assume the device you used to access your email has anything whatsoever to do with this kind of attack. These kinds of attacks, where a web-based account (like gmail, Facebook, Twitter, etc.) is hijacked are typically carried out totally online, independent of any specific device and not requiring that any malware files be installed on any device. That’s part of the reason why they can easily slip past your anti-virus software on various devices: the anti-virus software is only looking for threats on your device’s hard drive or flash memory (in the case of portable devices).

      Also, I access my gmail account on my various Fires all the time, and the big keylogging virus attack that happened back on October was limited to PCs and Macs, it didn’t affect mobile devices at all. As I say in the article, the Fire is simply not a proliferation-friendly device, so it’s not worth hackers’ time and effort to try and exploit. Now, the HDX line, which has the option for cell connectivity, might be making cell-connected Fires an attractive target for hackers who want to tack bogus charges onto users’ cell phone accounts, but there again, that’s about the only kind of malware attack that’s likely to happen anytime soon because Amazon’s done a very good job of keeping their Kindle Fire ecosystem “closed”: Fires aren’t designed to communicate wirelessly with other computers, and it’s only recently that they’ve been able to communicate wirelessly with printers.

      As for how to tell if your Fire has malware, it would be the same as with any other device: if it’s behaving strangely. Even so, the more likely cause there is a dying or damaged battery. That, or an accumulation of “data droppings”, requiring a reset to clear.

      Finally, keylogging attacks are generally used to steal passwords and financial info, not for spreading spam. A keylogger not only steals the passwords and data of the initial victim, it copies itself to other computers via email or networked connections. If your issue was spam, that was most likely a “phishing” attack, in which you were tricked into providing your gmail credentials by a legitimate-looking online form, or else your password was guessed by a computer program designed to guess passwords.

    • Comment by Mom:

      One more thing to note: I do think hackers will eventually find a way to target the Kindle Fire line of tablets, simply because it’s such a popular device. However, as I say in the article, when that first attack happens no antivirus or anti-malware program will be able to prevent it. Antivirus and anti-malware apps and programs can only be updated to detect a new type of threat after that threat has been detected “in the wild” and studied. I have no intention of investing in any antivirus or anti-malware app for my Fires until after the first attack happens, because until then, the app won’t be providing me with any protection against the first attack anyway.

  6. Comment by tegwynjohns:

    Very helpful

Leave a Reply