Quote:
Originally Posted by thebestjeter
I was going to buy myself a Kindle Touch, but since I have found out how easy would be to install a hack on it from the Internet and take remotely control of the device, I am not longer considering it as an option.
If you guys want the long story, you should read here, here and here (well, in Spanish, but you can use Google Translator).
Basically, someone can take advantage of the Mp3 player vulnerability of the Kindle Touch and install a hack using a MP3 file when you are using the Web Browser. This hack would start running once you device goes to sleep mode.
This hack could steal my credit card number, my Amazon account information and even buy things and have them shipped to a different shipping address.
Actually, it's said here:
After all, the Kindle Touch has a messy firmware
I'm really dissapointed and upset. 
I think I'm going to buy a Sony this time. |
I'm appealed at the amount of disinformation that one paragraph you quoted contains. I don't have the time to read all the stuff, but I'll break down the quote.
For the reasons I've listed below, I hope you stick with developing and not "analyzing" other people's works until you have a better understanding of things.
Quote:
|
I find that would be extremely simple to take total control of the device, in order to, for instance, try to obtain the credit card number that you use to buy with 1-Click .
|
Your credit card number is NOT stored anywhere close to your kindle. It's secure and encrypted on Amazon's servers. The worst a thief can do is buy kindle books using your account (which amazon has been known to refund) and that's assuming that they have complete control over your device, which means physically stealing your device.
Quote:
|
It would be as easy as to put a malicious MP3 file on the Internet.
|
You MUST manually download and copy a "malicious" MP3 to the device using USB. The internet browser doesn't allow playing or downloading MP3s. Even if you download a malicious MP3 and copy it to the USB, you can see something is odd when you find that the song name as shown by Explorer or Finder is gibberish.
Quote:
|
This Mp3 files would install an update that would allow to take remotely control of the device.
|
First of all, 5.0.3 has fixed the MP3 exploit, but that is besides the point. A hacker that wants control of your device will most likely do a targeted attack. Which means the hacker knows you and wants something specific from YOUR kindle. This is because it is not economically viable to do a mass kindle hack. Hackers would make more money hacking something like android phones or iphones. The worst they can do with complete control of your device is 1) copy your books, 2) find out what you're reading, and 3) make kindle book purchases under your device (again, refundable by amazon and this is just as if the hacker physically stole your device).
Quote:
|
Nothing unreasonable, so take great care when you are using the browser, because the Webkit isn't really secure.
|
WebKit is one of the most secure web rendering systems. Why? Because it is used by Google Chrome, Safari, Android, iphones and so much more. The reason why people have a notion that it is unsecure is because there are webkit "exploits" announced often. This is because of the popularity of the platform, there are more attackers targeting it. AND most of these exploits are useless as they require a specific condition that is not easily satisfied, especially on a stripped down device like the kindle. (Believe me, I tried using dozens of webkit exploits to hack the Kindle and none worked).
If I have the time, I'll translate the site posted by OP and post out more reasons why the arguments it presented are filled with inaccuracies, baseless assumptions, and uneducated lies.