Kindle Touch: messy firmware, unsecure device

[thebestjeter]

I was going to buy myself a Kindle Touch, but since I have found out how easy would be to install a hack on it from the Internet and take remotely control of the device, I am not longer considering it as an option.

If you guys want the long story, you should read here, here and here (well, in Spanish, but you can use Google Translator).

Basically, someone can take advantage of the Mp3 player vulnerability of the Kindle Touch and install a hack using a MP3 file when you are using the Web Browser. This hack would start running once you device goes to sleep mode.

This hack could steal my credit card number, my Amazon account information and even buy things and have them shipped to a different shipping address.

Actually, it's said here:

Quote:

As a developer, I find that would be extremely simple to take total control of the device, in order to, for instance, try to obtain the credit card number that you use to buy with 1-Click . It would be as easy as to put a malicious MP3 file on the Internet. This Mp3 files would install an update that would allow to take remotely control of the device. Nothing unreasonable, so take great care when you are using the browser, because the Webkit isn't really secure.

After all, the Kindle Touch has a messy firmware

I'm really dissapointed and upset.

I think I'm going to buy a Sony this time.

[toadhall]

Wasn't the MP3 hack disabled in the latest 5.0.3 firmware?

Also, why would you want to put strange MP3s you downloaded off the internet on to your Touch?

[nynaevelan]

Quote:

Originally Posted by toadhall

Also, why would you want to put strange MP3s you downloaded off the internet on to your Touch?

Also, the kindle is no different than other devices as I've seen from reading the boards. It seems they are all open to be hacked, rooted, jailbroken or whatever they are calling it. But the key is, they are not vulnerable shipped from the manufacturer, they become vulnerable when the user chooses to jailbreak, hack, root them. Therefore, if you do not use strange files where you cannot verify the source, then you are in no danger.

[Rebecca_06]

Quote:

Originally Posted by toadhall

Wasn't the MP3 hack disabled in the latest 5.0.3 firmware?

Yes, this has been fixed by Amazon.

However, in reference to the OP's Sony comment, I can't recommend the Sony ereaders enough, particularly if you use Calibre. I love my KT, but I'm quite sad that it doesn't play very nicely with Calibre, and it's difficult to manage my collections. Like anything else, the KT is good for some people and not so good for others, depending on how you like to manage your library.

[thebestjeter]

Quote:

Originally Posted by nynaevelan

Therefore, if you do not use strange files where you cannot verify the source, then you are in no danger.

Not quite. What the guy I'm liking to is arguing is that since the Kindle Touch has such a messy firmware, if you are visiting a web site using the Kindle Web Browser that have a MP3 player playing music in the background and that MP3 files is a malicious one, that MP3 files could install a hack onto your Kindle in order to take remotely control of it. That is, he is not talking about a file you have sideloaded onto your Kindle, but a file that you come across when you are using the Web Browser.

Even more, this hack could be installed without actually downloading anything to your Kindle. The only thing needed is that you visit that site with a malicious Mp3 files playing in the background.

That is the risk and it is really serious.

[yifanlu]

Quote:

Originally Posted by thebestjeter

I was going to buy myself a Kindle Touch, but since I have found out how easy would be to install a hack on it from the Internet and take remotely control of the device, I am not longer considering it as an option.

If you guys want the long story, you should read here, here and here (well, in Spanish, but you can use Google Translator).

Basically, someone can take advantage of the Mp3 player vulnerability of the Kindle Touch and install a hack using a MP3 file when you are using the Web Browser. This hack would start running once you device goes to sleep mode.

This hack could steal my credit card number, my Amazon account information and even buy things and have them shipped to a different shipping address.

Actually, it's said here:




After all, the Kindle Touch has a messy firmware

I'm really dissapointed and upset.

I think I'm going to buy a Sony this time.

I'm appealed at the amount of disinformation that one paragraph you quoted contains. I don't have the time to read all the stuff, but I'll break down the quote.

Quote:

As a developer,

For the reasons I've listed below, I hope you stick with developing and not "analyzing" other people's works until you have a better understanding of things.

Quote:

I find that would be extremely simple to take total control of the device, in order to, for instance, try to obtain the credit card number that you use to buy with 1-Click .

Your credit card number is NOT stored anywhere close to your kindle. It's secure and encrypted on Amazon's servers. The worst a thief can do is buy kindle books using your account (which amazon has been known to refund) and that's assuming that they have complete control over your device, which means physically stealing your device.

Quote:

It would be as easy as to put a malicious MP3 file on the Internet.

You MUST manually download and copy a "malicious" MP3 to the device using USB. The internet browser doesn't allow playing or downloading MP3s. Even if you download a malicious MP3 and copy it to the USB, you can see something is odd when you find that the song name as shown by Explorer or Finder is gibberish.

Quote:

This Mp3 files would install an update that would allow to take remotely control of the device.

First of all, 5.0.3 has fixed the MP3 exploit, but that is besides the point. A hacker that wants control of your device will most likely do a targeted attack. Which means the hacker knows you and wants something specific from YOUR kindle. This is because it is not economically viable to do a mass kindle hack. Hackers would make more money hacking something like android phones or iphones. The worst they can do with complete control of your device is 1) copy your books, 2) find out what you're reading, and 3) make kindle book purchases under your device (again, refundable by amazon and this is just as if the hacker physically stole your device).

Quote:

Nothing unreasonable, so take great care when you are using the browser, because the Webkit isn't really secure.

WebKit is one of the most secure web rendering systems. Why? Because it is used by Google Chrome, Safari, Android, iphones and so much more. The reason why people have a notion that it is unsecure is because there are webkit "exploits" announced often. This is because of the popularity of the platform, there are more attackers targeting it. AND most of these exploits are useless as they require a specific condition that is not easily satisfied, especially on a stripped down device like the kindle. (Believe me, I tried using dozens of webkit exploits to hack the Kindle and none worked).

If I have the time, I'll translate the site posted by OP and post out more reasons why the arguments it presented are filled with inaccuracies, baseless assumptions, and uneducated lies.

[thebestjeter]

Quote:

Originally Posted by yifanlu

If I have the time, I'll translate the site posted by OP and post out more reasons why the arguments it presented are filled with inaccuracies, baseless assumptions, and uneducated lies.

Thank you very much, Yifanlu.

I hope you'll have the time to do so.

[rfog]

Quote:

Originally Posted by yifanlu

I'm appealed at the amount of disinformation that one paragraph you quoted contains. I don't have the time to read all the stuff, but I'll break down the quote.


For the reasons I've listed below, I hope you stick with developing and not "analyzing" other people's works until you have a better understanding of things.


Your credit card number is NOT stored anywhere close to your kindle. It's secure and encrypted on Amazon's servers. The worst a thief can do is buy kindle books using your account (which amazon has been known to refund) and that's assuming that they have complete control over your device, which means physically stealing your device.


You MUST manually download and copy a "malicious" MP3 to the device using USB. The internet browser doesn't allow playing or downloading MP3s. Even if you download a malicious MP3 and copy it to the USB, you can see something is odd when you find that the song name as shown by Explorer or Finder is gibberish.


First of all, 5.0.3 has fixed the MP3 exploit, but that is besides the point. A hacker that wants control of your device will most likely do a targeted attack. Which means the hacker knows you and wants something specific from YOUR kindle. This is because it is not economically viable to do a mass kindle hack. Hackers would make more money hacking something like android phones or iphones. The worst they can do with complete control of your device is 1) copy your books, 2) find out what you're reading, and 3) make kindle book purchases under your device (again, refundable by amazon and this is just as if the hacker physically stole your device).


WebKit is one of the most secure web rendering systems. Why? Because it is used by Google Chrome, Safari, Android, iphones and so much more. The reason why people have a notion that it is unsecure is because there are webkit "exploits" announced often. This is because of the popularity of the platform, there are more attackers targeting it. AND most of these exploits are useless as they require a specific condition that is not easily satisfied, especially on a stripped down device like the kindle. (Believe me, I tried using dozens of webkit exploits to hack the Kindle and none worked).

If I have the time, I'll translate the site posted by OP and post out more reasons why the arguments it presented are filled with inaccuracies, baseless assumptions, and uneducated lies.

@yifanlu, I'm the developer has said KT is unsecure, based in reading your messages.

If you read in depth my messages in Spanish, I'm talking about potential problems, not true and real ones.

Hypotetically talking, one malicious website can take control of your Kindle using some Webkit vulnerability allowing write into user partition the tar update file that will install whatever thing website wants.

Other way, thebestjeter is catalogued as troll by a lot of people in Lectores Electronicos (origin of the discussion), and now he is trolling here in a try to discredit me by any reason I cannot imagine. For me, the issue is closed.

Do not lose time in this subject.

[yifanlu]

I'm sorry for being harsh. Again, I did not read the whole site and my entire post was based on that one quote. I am also sorry if that quote did not represent your entire opinion. However, I do not like scaring users with "potential" attacks. Some don't know better and think and a potential attack means it will be reality in a week.

[HarryT]

Quote:

Originally Posted by thebestjeter

Basically, someone can take advantage of the Mp3 player vulnerability of the Kindle Touch and install a hack using a MP3 file when you are using the Web Browser. This hack would start running once you device goes to sleep

Your information is rather out of date. The vulnerability you refer to was fixed in the 5.0.3 firmware update.

[Zippity]

Appalled and "appealed" mean completely different things

[toadhall]

thebestjeter, are you still going to get a Sony reader now?

[HarryT]

Quote:

Originally Posted by toadhall

thebestjeter, are you still going to get a Sony reader now?

Both the Kindle Touch and the Sony PRS-T1 are very nice readers indeed. It basically boils down to one's preference in bookstores. Personally I think that Amazon have by far the best bookstore, which is why I have a Kindle Touch. If one's preference is for ePub books, the T1 is an equally good choice.

[JoeD]

Keep in mind security flaws exist in pretty much every device going. You could remotely hack/root an iOS device not too long ago just by visiting a webpage in safari that contained a crafted pdf document, other browsers have had font, css and javascript exploits.

The only reason to put off a purchase is if the company behind the product keeps their head in the sand rather that accepting the flaw and issuing an update.

[HarryT]

Quote:

Originally Posted by JoeD

Keep in mind security flaws exist in pretty much every device going. You could remotely hack/root an iOS device not too long ago just by visiting a webpage in safari that contained a crafted pdf document, other browsers have had font, css and javascript exploits.

Some of the claims made, though, were wrong. Even before the MP3 ID3-tag scripting exploit was fixed, you couldn't "infect" a Kindle by visiting a site which played an MP3 as background music, as claimed, for the simple reason that the Kindle's browser doesn't play music, and will make no attempt to load such a file.