Quote:
Originally Posted by susan_cassidy
Books themselves are not executable. You'd be more likely to encounter a problem using a browser on the reader, and having the browser hijacked.
For example, Kindle is based on Linux, so if you installed an executable (Linux-based) on it, and managed to execute it, the program could do some sort of damage, but just reading books isn't going to do anything, as far as I can see.
Don't know what Sony is based on, but the same principle applies. You aren't executing books.
|
You can still have issues with non executable data. For example loading the text from a book could cause a buffer overflow which can then use the remainder of the "text" as executable code. Loading a webpage in a browser can have similar exploits, although many browsers have fixed these over the years there may still be bugs lurking.
Same can be said for downloading a movie, if there's a exploit for the player you use to view it, the movie could be crafted to expoit it.
Although the exact type of attack depends on how the OS segregates code and data, some now include extra checking to mitigate stack overflows and other buffer based attacks.
That said, ereaders are likely a very low target. How many people do their banking on a kindle or enter other critical passwords? Even CC may be already stored on the site you buy books from so targetting an ereader doesn't really sound like it'd be worth it for anyone bent on doing no good.