With Kindles once again jailbroken, I put forward that:
1. It is completely unsafe to ever enter your Amazon account credentials into a used Kindle
2. It is possibly unsafe to sell a non-jailbroken Kindle that has ever had your credentials.
I will explain my reasoning, and you can tell me I'm overly paranoid.
Buying a used Kindle:
- it is trivial to install code on a Kindle that will survive either a Factory Reset or a firmware installation.
- I see no reason why someone can't modify the list of files preserved across Factory Reset to preserve an installation across both Factory Reset and firmware install
- There are three files that are common knowledge, but there may be others that can be preserved.
- It is straightforward to put code that waits for a token to be entered (probably by watching for LIPC Event), and sending that to C&C endpoint.
- The tokens on the device are sufficient for purchasing titles, as well as obtaining Wifi credentials from every device on the account
Selling a used Kindle:
- Kindles do not overwrite files on Factory Reset
- Token(s) are preserved on the filesystem, and have a consistent format
- Once a Kindle is jailbroken by the new owner, they can extract these tokens
- It is unclear how long the preserved tokens are valid for!!
I think the answer is for there to be a push for Amazon to release the full software installation process - presumably this is over a "special" USB cable - so users can be confident that the device isn't "contaminated".
Meanwhile, anyone buying a used device needs to trust in the Kindness of Strangers.
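One check a seller can run before handing a unit over, as an added example that is not part of the post above and not Amazon's or any jailbreak project's code: factory-reset the device, dump the raw data partition (over SSH from a jailbroken unit, or from a partition image), and carve it for printable runs whose byte entropy is higher than ordinary book text. The post does not give the token format, so the scanner below uses an entropy heuristic instead of a specific pattern; the 4.5 bits/byte threshold, the 16-byte minimum run length and the sample "partition image" are all constructed assumptions, and the device path you point it at is yours to supply.

```python
import base64
import hashlib
import math
import mmap
import re
import sys

# Minimum printable-ASCII run to consider, the same idea as `strings -n 16`.
# Assumption: real tokens are longer than this; tune for your device.
MIN_LEN = 16
PRINTABLE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)

# Assumption: order-0 byte entropy above this is "token-like". English prose
# sits around 3.8-4.3 bits/byte; base64 or hex key material sits well above 4.5.
ENTROPY_THRESHOLD = 4.5

# Constructed sample data (not real Kindle content or a real credential).
FILLER = b"Chapter one. The reader settles in with a cup of tea and turns the page."
SAMPLE_TOKEN = base64.b64encode(
    hashlib.sha512(b"constructed sample token, not a real credential").digest()
)


def shannon_entropy(data: bytes) -> float:
    """Order-0 Shannon entropy of `data` in bits per byte."""
    if not data:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def carve_candidates(image, min_entropy: float = ENTROPY_THRESHOLD):
    """Return (offset, text) pairs for printable runs in `image` (bytes or an
    mmap) whose entropy is at or above `min_entropy`. Low-entropy runs such
    as book text are dropped so the output is short enough to eyeball."""
    hits = []
    for m in PRINTABLE.finditer(image):
        run = m.group()
        if shannon_entropy(run) >= min_entropy:
            hits.append((m.start(), run.decode("ascii")))
    return hits


def build_sample_image() -> bytes:
    """Constructed stand-in for a raw partition dump: one 512-byte block of
    book text, an empty block, then a 'deleted' token left behind in
    unallocated space (its directory entry is gone, its bytes are not)."""
    block = 512
    text_block = FILLER.ljust(block, b"\x00")
    lead = 37  # arbitrary offset inside the block, as a deleted file might leave
    token_block = b"\x00" * lead + SAMPLE_TOKEN
    token_block = token_block.ljust(block, b"\x00")
    return text_block + b"\x00" * block + token_block + b"\x00" * block


def scan_file(path: str):
    """Memory-map a partition image or block device and carve it."""
    with open(path, "rb") as f:
        with mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mm:
            return carve_candidates(mm)


if __name__ == "__main__":
    # Usage: python scan.py /path/to/partition.img   (path is your assumption)
    # With no argument, run against the constructed sample image.
    hits = scan_file(sys.argv[1]) if len(sys.argv) > 1 else carve_candidates(build_sample_image())
    for offset, text in hits:
        print(f"0x{offset:08x}  {text}")
    print(f"{len(hits)} token-like string(s); a clean wipe should report 0")
```

A non-empty result after a factory reset is the point of the post: the bytes are still there for the next owner. Running the same scan again after overwriting the partition (or, better, the whole flash) with zeros is how you confirm that the wipe actually happened rather than just the directory entries going away.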