01-24-2012, 01:36 PM | #1 | |
Addict
Posts: 208
Karma: 757546
Join Date: Sep 2010
Device: Kindle 3 Wifi and Kindle DX Graphite
|
Kindle Touch: messy firmware, unsecure device
I was going to buy myself a Kindle Touch, but since I have found out how easy would be to install a hack on it from the Internet and take remotely control of the device, I am not longer considering it as an option.
If you guys want the long story, you should read here, here and here (well, in Spanish, but you can use Google Translator). Basically, someone can take advantage of the Mp3 player vulnerability of the Kindle Touch and install a hack using a MP3 file when you are using the Web Browser. This hack would start running once you device goes to sleep mode. This hack could steal my credit card number, my Amazon account information and even buy things and have them shipped to a different shipping address. Actually, it's said here: Quote:
I'm really dissapointed and upset. I think I'm going to buy a Sony this time. |
|
01-24-2012, 01:46 PM | #2 |
Member
Posts: 18
Karma: 3550
Join Date: Nov 2011
Location: Kuala Lumpur, Malaysia
Device: iPad, Kindle Touch
|
Wasn't the MP3 hack disabled in the latest 5.0.3 firmware?
Also, why would you want to put strange MP3s you downloaded off the internet on to your Touch? |
Advert | |
|
01-24-2012, 03:12 PM | #3 |
eBook Junkie
Posts: 1,526
Karma: 1464018
Join Date: May 2010
Location: USA
Device: Kindle Fire 2020, Kindle PW2
|
Also, the kindle is no different than other devices as I've seen from reading the boards. It seems they are all open to be hacked, rooted, jailbroken or whatever they are calling it. But the key is, they are not vulnerable shipped from the manufacturer, they become vulnerable when the user chooses to jailbreak, hack, root them. Therefore, if you do not use strange files where you cannot verify the source, then you are in no danger.
|
01-24-2012, 03:18 PM | #4 |
Member
Posts: 19
Karma: 10
Join Date: Jan 2012
Device: Kindle PW
|
Yes, this has been fixed by Amazon.
However, in reference to the OP's Sony comment, I can't recommend the Sony ereaders enough, particularly if you use Calibre. I love my KT, but I'm quite sad that it doesn't play very nicely with Calibre, and it's difficult to manage my collections. Like anything else, the KT is good for some people and not so good for others, depending on how you like to manage your library. |
01-24-2012, 03:49 PM | #5 | |
Addict
Posts: 208
Karma: 757546
Join Date: Sep 2010
Device: Kindle 3 Wifi and Kindle DX Graphite
|
Quote:
Even more, this hack could be installed without actually downloading anything to your Kindle. The only thing needed is that you visit that site with a malicious Mp3 files playing in the background. That is the risk and it is really serious. Last edited by thebestjeter; 01-24-2012 at 03:58 PM. |
|
Advert | |
|
01-24-2012, 04:10 PM | #6 | ||||||
Kindle Dissector
Posts: 662
Karma: 475607
Join Date: Jul 2010
Device: Amazon Kindle 3
|
Quote:
Quote:
Quote:
Quote:
Quote:
Quote:
If I have the time, I'll translate the site posted by OP and post out more reasons why the arguments it presented are filled with inaccuracies, baseless assumptions, and uneducated lies. Last edited by yifanlu; 01-24-2012 at 04:12 PM. |
||||||
01-24-2012, 04:45 PM | #7 |
Addict
Posts: 208
Karma: 757546
Join Date: Sep 2010
Device: Kindle 3 Wifi and Kindle DX Graphite
|
|
01-24-2012, 04:45 PM | #8 | |
Guru
Posts: 695
Karma: 2383012
Join Date: Aug 2007
Location: Schiedam (The Netherlands)
Device: Lots of eInk devices and iOS stuff
|
Quote:
If you read in depth my messages in Spanish, I'm talking about potential problems, not true and real ones. Hypotetically talking, one malicious website can take control of your Kindle using some Webkit vulnerability allowing write into user partition the tar update file that will install whatever thing website wants. Other way, thebestjeter is catalogued as troll by a lot of people in Lectores Electronicos (origin of the discussion), and now he is trolling here in a try to discredit me by any reason I cannot imagine. For me, the issue is closed. Do not lose time in this subject. |
|
01-24-2012, 06:31 PM | #9 |
Kindle Dissector
Posts: 662
Karma: 475607
Join Date: Jul 2010
Device: Amazon Kindle 3
|
I'm sorry for being harsh. Again, I did not read the whole site and my entire post was based on that one quote. I am also sorry if that quote did not represent your entire opinion. However, I do not like scaring users with "potential" attacks. Some don't know better and think and a potential attack means it will be reality in a week.
|
01-25-2012, 03:03 AM | #10 |
eBook Enthusiast
Posts: 85,544
Karma: 93383043
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
|
Your information is rather out of date. The vulnerability you refer to was fixed in the 5.0.3 firmware update.
|
01-25-2012, 03:20 AM | #11 |
Beginner
Posts: 18
Karma: 12
Join Date: Dec 2011
Location: New Zealand
Device: Sony PRS-T1 (SWMBO) & Kindle Touch (Me)
|
Appalled and "appealed" mean completely different things
|
01-25-2012, 05:02 AM | #12 |
Member
Posts: 18
Karma: 3550
Join Date: Nov 2011
Location: Kuala Lumpur, Malaysia
Device: iPad, Kindle Touch
|
thebestjeter, are you still going to get a Sony reader now?
|
01-25-2012, 05:43 AM | #13 |
eBook Enthusiast
Posts: 85,544
Karma: 93383043
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
|
Both the Kindle Touch and the Sony PRS-T1 are very nice readers indeed. It basically boils down to one's preference in bookstores. Personally I think that Amazon have by far the best bookstore, which is why I have a Kindle Touch. If one's preference is for ePub books, the T1 is an equally good choice.
|
01-25-2012, 10:45 AM | #14 |
Guru
Posts: 895
Karma: 4383958
Join Date: Nov 2007
Device: na
|
Keep in mind security flaws exist in pretty much every device going. You could remotely hack/root an iOS device not too long ago just by visiting a webpage in safari that contained a crafted pdf document, other browsers have had font, css and javascript exploits.
The only reason to put off a purchase is if the company behind the product keeps their head in the sand rather that accepting the flaw and issuing an update. |
01-25-2012, 10:53 AM | #15 |
eBook Enthusiast
Posts: 85,544
Karma: 93383043
Join Date: Nov 2006
Location: UK
Device: Kindle Oasis 2, iPad Pro 10.5", iPhone 6
|
Some of the claims made, though, were wrong. Even before the MP3 ID3-tag scripting exploit was fixed, you couldn't "infect" a Kindle by visiting a site which played an MP3 as background music, as claimed, for the simple reason that the Kindle's browser doesn't play music, and will make no attempt to load such a file.
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Messy Format as Book vs Doc | rtudor | Kindle Fire | 2 | 12-27-2011 05:14 PM |
Torn: Nook Simple Touch, Kindle Touch, Basic Kindle | dblb48 | Which one should I buy? | 12 | 12-13-2011 02:34 PM |
Kindle Touch in Device Manager on Amazon.com | SubElement | Amazon Kindle | 1 | 10-24-2011 08:30 AM |
Kindle 3, Nook Simple Touch, Kobo Touch and Libra Pro Touch | jbcohen | Which one should I buy? | 4 | 06-18-2011 07:58 PM |
Messy / corrupt author sort | sweevo | Calibre | 2 | 09-03-2010 04:55 PM |