Thread: Kindle Touch: messy firmware, unsecure device
View Single Post
Old 01-24-2012, 04:45 PM   #8
rfog
Guru
rfog ought to be getting tired of karma fortunes by now.rfog ought to be getting tired of karma fortunes by now.rfog ought to be getting tired of karma fortunes by now.rfog ought to be getting tired of karma fortunes by now.rfog ought to be getting tired of karma fortunes by now.rfog ought to be getting tired of karma fortunes by now.rfog ought to be getting tired of karma fortunes by now.rfog ought to be getting tired of karma fortunes by now.rfog ought to be getting tired of karma fortunes by now.rfog ought to be getting tired of karma fortunes by now.rfog ought to be getting tired of karma fortunes by now.
 
Posts: 696
Karma: 2383012
Join Date: Aug 2007
Location: Schiedam (The Netherlands)
Device: Lots of eInk devices and iOS stuff
Quote:
Originally Posted by yifanlu View Post
I'm appealed at the amount of disinformation that one paragraph you quoted contains. I don't have the time to read all the stuff, but I'll break down the quote.


For the reasons I've listed below, I hope you stick with developing and not "analyzing" other people's works until you have a better understanding of things.


Your credit card number is NOT stored anywhere close to your kindle. It's secure and encrypted on Amazon's servers. The worst a thief can do is buy kindle books using your account (which amazon has been known to refund) and that's assuming that they have complete control over your device, which means physically stealing your device.


You MUST manually download and copy a "malicious" MP3 to the device using USB. The internet browser doesn't allow playing or downloading MP3s. Even if you download a malicious MP3 and copy it to the USB, you can see something is odd when you find that the song name as shown by Explorer or Finder is gibberish.


First of all, 5.0.3 has fixed the MP3 exploit, but that is besides the point. A hacker that wants control of your device will most likely do a targeted attack. Which means the hacker knows you and wants something specific from YOUR kindle. This is because it is not economically viable to do a mass kindle hack. Hackers would make more money hacking something like android phones or iphones. The worst they can do with complete control of your device is 1) copy your books, 2) find out what you're reading, and 3) make kindle book purchases under your device (again, refundable by amazon and this is just as if the hacker physically stole your device).


WebKit is one of the most secure web rendering systems. Why? Because it is used by Google Chrome, Safari, Android, iphones and so much more. The reason why people have a notion that it is unsecure is because there are webkit "exploits" announced often. This is because of the popularity of the platform, there are more attackers targeting it. AND most of these exploits are useless as they require a specific condition that is not easily satisfied, especially on a stripped down device like the kindle. (Believe me, I tried using dozens of webkit exploits to hack the Kindle and none worked).

If I have the time, I'll translate the site posted by OP and post out more reasons why the arguments it presented are filled with inaccuracies, baseless assumptions, and uneducated lies.
@yifanlu, I'm the developer has said KT is unsecure, based in reading your messages.

If you read in depth my messages in Spanish, I'm talking about potential problems, not true and real ones.

Hypotetically talking, one malicious website can take control of your Kindle using some Webkit vulnerability allowing write into user partition the tar update file that will install whatever thing website wants.

Other way, thebestjeter is catalogued as troll by a lot of people in Lectores Electronicos (origin of the discussion), and now he is trolling here in a try to discredit me by any reason I cannot imagine. For me, the issue is closed.

Do not lose time in this subject.
rfog is offline   Reply With Quote