Firestalked - The Amazon Fire Tablet Security CoverUp cover art

Firestalked - The Amazon Fire Tablet Security CoverUp

Firestalked - The Amazon Fire Tablet Security CoverUp

By: Dick Morrell
Listen for free

LIMITED TIME OFFER | £0.99/mo for the first 3 months

Premium Plus auto-renews at £8.99/mo after 3 months. Terms apply.

About this listen

In 2023 Amazon were made aware at the highest levels of a massive security exploit made against its Amazon Fire tablets because of amazingly stupid flaws that had existed for many years in FireOS. Specifically security vulnerabilities in the privilege escalation and authentication libraries which allowed childs play simple exploits against upstream Amazon cloud architecture. Whilst the vulnerabilities were confirmed and subsequently patched, Amazon failed to publish security errata, CVE information of any description or to make public the extent of the huge vulnerabilities affecting millions of devices used in homes globally.


Fire tablets are fantastic devices that extend Amazon capabilities importantly into the home and have often been the first touch device for millions of children outside of the more expensive iPad world or more expensive Android tablets.


So why did Amazon, when they were aware of such massive vulnerabilities affecting tens of millions of users never publish a single solitary release of information for users in households across the world ? Conversely why didn't they inform any of their partners in any of the educational institutions globally that they support by way of donation or have sold Fire tablets to. Knowing those massive privacy impacting holes that were simply exploited had been discovered and now thanks to a UK security engineer detailing them to Amazon - patched.


A breach of confidence in the world's biggest consumer technology provider and online cloud retailer ?


But more worryingly, fully aware that the engineer reporting the vulnerability, one of the worlds most widely known Open Source engineers, was the victim of long term domestic abuse using the devices, went quiet.


A victim of actual domestic violence perpetuated using two of their devices.


They tried to cover up the story. This is the podcast that shines a light on what happened and ends with a full and unabridged explanation from the Principal Engineer involved in the security dilemma that explained how Amazon PR and Legal instructed a cover up and non reporting in errata and changelogs of the security holes.


Yet an SEC listed company freshly fined by the FTC deciding to do this is a shocker. So now is it appropriate that the FBI and the SEC now find themselves involved and Amazon forced to cooperate ?


Either way I want a rather plump damages cheque for the bugs I brought in and the impact and upset caused to my family.

Copyright 2025 Dick Morrell Social Sciences True Crime
Episodes
  • Episode 5: It's a Dumpster Fire

    Episode 5: It's a Dumpster Fire
    Dec 2 2025

    It's now six or seven weeks since we went pubic following Steven J Vaughn Nicholls, the world famous trusted and lauded US technology editor in his story about my having been hacked and stalked using Amazon Fire devices.


    Now nearly 100k people have downloaded and listened to Episodes 1-4 we have further disclosure that has been made available by folk within Amazon and also software engineers in the community regarding Amazon having been aware of issues with SLO / SSO and security issues with FireOS 5.x - 7.x during the period 2017 to 9th June 2023 when it was finally patched.


    And a county police force in the UK, Wiltshire Police now look extremely lax, naive, inexperienced and they should be very very embarrassed.


    I am meeting with them and their Digital Forensic Team (finally) in the next few weeks. They should be humble embarrassed and ashamed of what a shower of shit they are. I look foward to the Chief Constable of Wiltshire releasing a public facing apology before Christmas and I look foward to and fully expect interim damages from Wiltshire Police for their failures.


    Episode 6 out soon.
    Show More Show Less
    1 hr and 4 mins
  • Episode 4: Ethical People do exist at Amazon

    Episode 4: Ethical People do exist at Amazon
    Oct 8 2025

    There are good people in the world. Ethical folk who are engineers and programmers, programme leads and operational staff. Often they are managed by those who play the angles. Who would rather the bad news never saw the light of day.


    But when you're an SEC listed company, fined days prior by the US Department of Justice and the FTC for a smaller breach than the one you've just had walked in the door that now affects the legacy privacy of tens of millions of devices in the field then you have an absolute responsibility to communicate to your users.


    In fact the DoJ ruling stated that Amazon was orded "notify users of its retention and deletion practices and controls;". Immediately two major vulnerabilities which impacted that ruling were on the desk of the Head of Security regarding retention of data and privacy and cached credentials allowing a device to become a trusted hardware token.


    With the fourth major bug being the fact that software flaws in Cloudview and logging meant you were unable to deregister Kids Fire devices at all from the Web UI.


    So what happens when someone blows the whistle when Amazon tried to cover all this up ???


    Decent people do exist. Shame Amazon can't keep hold of them. Maybe they should send him a stock award and an apology.
    Show More Show Less
    39 mins
  • Episode 3: Setting Fire to Security Basics

    Episode 3: Setting Fire to Security Basics
    Oct 8 2025

    So knowing for absolute fact that I am the subject of industrial scale stalking and hacking, the devices left with my ex wife being subject to the flaws and bugs relating to cached credentials and the Amazon Photo and Amazon Alexa lack of forced authentication (alongside an aged device logging bug) I was determined to engage with Amazon properly. Engaging with the Head of Security at Amazon and Ring in Seattle one on one. With live data supplied from Cloudwatch the immutable tamperproof platform that Amazon use to log all retail and operational activity.


    I had no idea the storm that was about to break. But it's enough to put a Devizes girl in prison.
    Show More Show Less
    24 mins
No reviews yet