Old 10-24-2015, 09:43 AM   #181
knc1
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Quote:
Originally Posted by Rizla View Post
Seeing as it's installed by a user on their device (presumably connected to their computer via a cable), and another user cannot access it remotely, I don't see any practical threat, but obviously you know a lot more about it than me, and I understand your reluctance to discuss the details.

Edit: Okay, I see that if the device is rooted, theoretically connecting to a malicious web page could be a threat.
I was only an interested bystander and all I know are the general principles involved.
Plus, B.D. spent months of work on it.
It's his story to tell, not mine.

I am just trying to do my 'helpdesk' thing here.
Old 10-24-2015, 12:29 PM   #182
big_leopard
Member
Posts: 10
Karma: 7282
Join Date: Oct 2015
Device: Paperwhite 2
Is there any chance that the tool will be released sooner than 31/10?
Maybe it's a superfluous question.
Old 10-24-2015, 01:00 PM   #183
Branch Delay
Connoisseur
Posts: 95
Karma: 1699999
Join Date: Aug 2015
Device: Voyage
See, this is why I liked the idea of locking the thread. Trust me, I'm an internet pro, saw the thread devolving into chaos a mile away.

Now everyone is salty for no good reason.
Old 10-24-2015, 11:38 PM   #184
eschwartz
Ex-Helpdesk Junkie
Posts: 19,422
Karma: 85397180
Join Date: Nov 2012
Location: The Beaten Path, USA, Roundworld, This Side of Infinity
Device: Kindle Touch fw5.3.7 (Wifi only)
Quote:
Originally Posted by Branch Delay View Post
See, this is why I liked the idea of locking the thread. Trust me, I'm an internet pro, saw the thread devolving into chaos a mile away.

Now everyone is salty for no good reason.
I'll try to keep things less chaotic, but I'm offline during the Shabbos.

...

And for the record, all three parties got deleted -- I'm not playing favorites.
Old 10-25-2015, 01:48 AM   #185
roguefan99
Zealot
Posts: 106
Karma: 16
Join Date: Jul 2009
Location: Adelaide, Australia
Device: Smart Q7, and Kobo
Quote:
Originally Posted by Branch Delay View Post
See, this is why I liked the idea of locking the thread. Trust me, I'm an internet pro, saw the thread devolving into chaos a mile away.

Now everyone is salty for no good reason.
I wouldn't take it that way; it's just that the people who are impatient are louder than the ones who know to wait. I noticed in your first post that you stated you hoped to release before the end of October, but it looks like many others didn't notice it. Please keep us updated on the process, and I hope you can release in the near future. Meanwhile I will go back to waiting. Oh, and thanks for all the work you have done.
Old 10-25-2015, 02:26 AM   #186
Branch Delay
Connoisseur
Posts: 95
Karma: 1699999
Join Date: Aug 2015
Device: Voyage
I don't actually care about moderating this thread. If it devolves into several hundred people insulting me I'm still releasing this. Don't have to worry about moderation -- up to you.

Want to reiterate a few things:

#1 -- Tested on very few devices. This might not work on a majority of them -- we'll find out shortly. The fact that it worked on NiLuJe's device is promising, but that's all I have to go on.

#2 -- First release will be difficult to use for the average user. A much easier version will probably come out shortly after depending on how busy I am. Will release a blog entry on how this all works later. (definitely after the patch)

#3 -- A few people are concerned about malicious actors using this to brick devices. I wouldn't be. Assuming someone wants to spend the equivalent of tens of thousands of dollars to brick a $100 Kindle... up to them? Would patch as soon as you can though.

Last edited by Branch Delay; 10-25-2015 at 02:36 AM.
Old 10-25-2015, 02:51 AM   #187
notimp
Addict
Posts: 248
Karma: 892441
Join Date: Jul 2010
Device: K2i
Thank you for the heads up.

Love the little cynicism in #3 as well.
Old 10-25-2015, 03:50 AM   #188
knc1
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Quote:
Originally Posted by Branch Delay View Post
- - - - -
#3 -- A few people are concerned about malicious actors using this to brick devices. I wouldn't be. Assuming someone wants to spend the equivalent of tens of thousands of dollars to brick a $100 Kindle... up to them? Would patch as soon as you can though.
The security of electronic devices has to be based on possibilities, not (just) probabilities.

Remote bricking of a device in the case of the Kindles?
As B.D. writes: "why bother?".

BUT

  1. There is no way to know if anything other than e-books is being stored on a Kindle.
    In fact, the applications in the Kindle Menu package make it very easy to store 'information' other than books.

    I'll save the casual reader from searching for that reference -
    Kindle Menu brings a lot of "PDA style" applications to the Kindle.
  2. The Kindles already have all of the infrastructure required to do silent software (malware) distribution preinstalled and running.
    A "Simda Style" botnet is a very real possibility.
    (a "what's that" ref: https://www.us-cert.gov/ncas/alerts/TA15-105A)
  3. Kindles are not used **exclusively** as stand-alone computers.
    They can be attached to any computer and will appear as a USB storage device.
    USB storage devices are an all too common distribution vector of malware, including botnet malware.

    With that possibility, the information sources to be mined and/or harvested are vastly expanded from those which would be stored on the Kindle itself.

My point above being that it is not the probabilities that are the determining factor, but the possibilities.
Old 10-25-2015, 04:21 AM   #189
notimp
Addict
Posts: 248
Karma: 892441
Join Date: Jul 2010
Device: K2i
This ventures into the area of risk assessment. There might be applications that can be used to bring untethered PDA functionality to Kindles, but what percentage of users is actually using them (Kindle as a primary note-taking device that can't be tethered, ...), and is it high enough for an attacker to jump on that vector?

For very targeted attempts maybe, but as a broad concern, no way.

Responsible disclosure is important, if it is that open of a vector (even if it uses the web browser, not many people use the one on a Kindle - if the vector is a modified eBook that somehow can do code execution on its own, this would be the highest risk profile ("familiar" content loaded from unknown sources)).

Also, a Kindle is not a device you can secure in any way against unwanted access to non-system partitions - so there isn't even a reasonable presumption of security for personal documents.

The trick here is not to "imagine what is possible" but to be reasonable in the measures you take to allow for this to be fixed by the manufacturer, so the likelihood of it being exploited against user interests goes way down in addition to not being very high in the first place.

If Amazon doesn't respond, the practice in most cases is to release anyway - except if the risk profile is somehow seen as "exceptionally high". That is to promote manufacturers to move on security issues at all. Because it costs money.

Also, as this possibly is a first vector into understanding Amazon's new proprietary file format - there even is heightened interest from a societal perspective.

Last edited by notimp; 10-25-2015 at 04:33 AM.
Old 10-25-2015, 09:32 AM   #190
knc1
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
All good examples of how **probabilities** are the specific domain of risk assessment.

Another important component of risk assessment is mitigation assessment.
If a **possibility** is easily avoided or circumvented, then it isn't very much of a risk.

But mitigation depends on communications -

We (this site in general) only communicate with less than 1% of the affected device owners (that is a generous estimate of our readership).
Amazon has "communications" (through OTA broadcast updates) with all affected devices.
So risk assessment and mitigation should best be in their hands, not ours.
Old 10-25-2015, 11:01 AM   #191
notimp
Addict
Posts: 248
Karma: 892441
Join Date: Jul 2010
Device: K2i
Kindles don't usually communicate with each other, they communicate with Amazon services.

So to mitigate, the connected PC would become the driver of this process, at which point we could just as well talk about the security of USB sticks (which we all know is broken, and have all known for years already, and it just continues to be that way, because manufacturers don't want to sign their drivers on those cheap devices).

I restrained myself from talking about the mitigation side of the issue almost on purpose, as I caught myself not having mentioned it in the posting before and then decided not to edit.

Also, you are right, at this point we are talking about probabilities and not about whatever someone can dream up as a risk profile. We should look at the broader implications - but really an inner drive to protect companies' interests through seeding an inkling of fear, that we all should resent the possibility of opening the "secure Kindle package", because somehow we all could end up with broken devices, doesn't feel right.

Also - this is not the platform to talk about this in all its specifics, just rest assured that the OP can release the exploit, and responsible public disclosure is a widely recognised way of handling such affairs.

Last edited by notimp; 10-25-2015 at 12:42 PM.
Old 10-25-2015, 01:23 PM   #192
knc1
Going Viral
Posts: 17,212
Karma: 18210809
Join Date: Feb 2012
Location: Central Texas
Device: No K1, PW2, KV, KOA
Quote:
Originally Posted by notimp View Post
- - - -
Also - this is not the platform to talk about this in all its specifics, just rest assured, that the OP can release the exploit, and responsible public disclosure is a widely recognized way of handling such affairs.
Good things for our 'silent majority' to keep in mind.

I suspect that the majority of our readership are not site members.
Just e-book owners who want to add some feature to their device.

Here we have a site that gives away add-in features.
No charge, not even the requirement of registering as a member.

Over the years, the readership has learned that the things distributed here by our membership "just works" (and if not, we fix it quickly).

Almost too good to be true.
The careful owner probably asks themselves:
"Can this be for real? Can I trust these people / this site?".

Having a bit of the background discussed about what has become "public buzzwords" is probably a good way to spend the time while we all wait for the end of the month.

The actual technical details behind those buzzwords would probably be just boring reading to the non-technical readership here.

Our readership probably only wants to see that we are taking this matter seriously and trying to handle it in an accepted, responsible manner.
Old 10-26-2015, 12:16 AM   #193
grant2
Banned
Posts: 13
Karma: 348455
Join Date: Oct 2015
Device: paperwhite pw2
Quote:
Originally Posted by Branch Delay View Post
Amazon security team isn't responding to my e-mails at this point. Will release Oct 31st.
I'd wager the issue is lost in a bit of a bureaucratic Bermuda triangle within their IT department.
Old 10-26-2015, 07:40 AM   #194
yoojin
Junior Member
Posts: 9
Karma: 10
Join Date: Oct 2013
Device: Kindle Paperwhite (2013)
Quick update: At the time of this post, this page does not show any new update versions as released by Amazon.

My question is this: based on the past, does Amazon have a history of silently releasing updates in the middle of the night? Do they tend to release on certain days? (Tuesdays, for example?) Would it be safe to buy a new book out of airplane mode?
Old 10-26-2015, 07:44 AM   #195
oblox
Zealot
Posts: 135
Karma: 1007000
Join Date: Sep 2013
Device: Kindle Paperwhite (7th Gen)
Buy the book and download it, then side-load it. Safe as anything.

Other than that, you could try the folder naming trick to try and stop any updates (it's not guaranteed, but a few people have said it stopped theirs updating to 5.6.5).

Or, if you must wifi it to your Kindle, then buy it on another device and then just turn wifi on to download, so it's on for the shortest time.
Tags
jailbreak, jailbreaking