Bernard Wagner, a researcher at MWR Labs, has reported flaws in the Fire phone that could allows apps to install certificates without interaction with users.
The CertInstaller tool facilitates the installation of certificates in apps. But the flaws discovered by Wagner mean that apps which don’t use certificate pinning are vulnerable to traffic interception. This in turn could lead to man-in-the-middle attacks. This kind of attack is used by attackers to secretly relay and possibly alter communications between two unknowing parties, who believe they are talking directly between themselves.
A third flaw discovered by Wagner relates to the ADB debugging feature of the operating system. ADB is a tool that allows users to perform actions that assist in development or debugging, allowing users to access various functions and data within the device. The phone is reported to not enforce secure debugging, meaning attackers could install or uninstall apps, bypass the lock screen and steal data, among other things.
Fire phone users should update their software, as the flaws are being addressed.
http://www.theregister.co.uk/2015/06/30/amazon_douses_fire_phone_maninthemiddle_diddle/
MWR have also published the details of these findings in two whitepapers:
https://labs.mwrinfosecurity.com/system/assets/994/original/mwri_fire_phone_uid_silent_cert_install.pdf
https://labs.mwrinfosecurity.com/system/assets/991/original/mwri_amazon_fire_no_secure_usb_debugging.pdf
