Firestalked - The Amazon Fire Tablet Security CoverUp

About

In 2023 Amazon were made aware at the highest levels of a massive security exploit made against its Amazon Fire tablets because of amazingly stupid flaws that had existed for many years in FireOS. Specifically, there were security vulnerabilities in the privilege escalation and authentication libraries which allowed child's-play-simple exploits against upstream Amazon cloud architecture. Whilst the vulnerabilities were confirmed and subsequently patched, Amazon failed to publish security errata or CVE information of any description, or to make public the extent of the huge vulnerabilities affecting millions of devices used in homes globally.


Fire tablets are fantastic devices that extend Amazon capabilities importantly into the home and have often been the first touch device for millions of children outside of the more expensive iPad world or more expensive Android tablets.


So why did Amazon, when they were aware of such massive vulnerabilities affecting tens of millions of users, never publish a single solitary release of information for users in households across the world? Conversely, why didn't they inform any of their partners in any of the educational institutions globally that they support by way of donation or have sold Fire tablets to, knowing that those massive privacy-impacting holes, which were simply exploited, had been discovered and now, thanks to a UK security engineer detailing them to Amazon, patched?


A breach of confidence in the world's biggest consumer technology provider and online cloud retailer?


But more worryingly, fully aware that the engineer reporting the vulnerability, one of the world's most widely known Open Source engineers, was the victim of long-term domestic abuse using the devices, they went quiet.


A victim of actual domestic violence perpetrated using two of their devices.


They tried to cover up the story. This is the podcast that shines a light on what happened and ends with a full and unabridged explanation from the Principal Engineer involved in the security dilemma that explained how Amazon PR and Legal instructed a cover-up and non-reporting in errata and changelogs of the security holes.


Yet an SEC-listed company freshly fined by the FTC deciding to do this is a shocker. So now is it appropriate that the FBI and the SEC now find themselves involved and Amazon forced to cooperate?


Either way I want a rather plump damages cheque for the bugs I brought in and the impact and upset caused to my family.

Episode 2: Don't Play With Fire

Amazon FireOS is a fork of stock Android. And what must be remembered is that it has to support a lot of software repos and a lot of older libraries...


Episode 1: Into The Fire

In 2022/23 I discovered major discrepancies in the data I had been sent by Amazon regarding two tablets bought for my children in 2017. This follow...
