Kindle Touch XSS JailBreak
By Simon LR on December 11th, 2011

The recently released Kindle Touch has been jailbroken. Yifan Lu, a freelance developer, has dug into the device and posted details of the exploit used to jailbreak Kindle OS 5.

Although the e-ink display makes it look completely innocuous, the Kindle Touch is a relatively complex device. At its core is an operating system whose user interface is built around HTML5 and JavaScript. Unfortunately, Amazon's engineers left some gaping holes in the system, allowing a straightforward cross-site scripting (XSS) attack to serve as the entry point.

By embedding HTML and JavaScript in the ID3 tag of an MP3 file, Yifan Lu was able to reach undocumented debug functions and execute code as root. Not only did Amazon leave in a function that lets any process be spawned as root, they also didn't sanitize the tag's contents before rendering them in the HTML-based UI, so the markup was interpreted as live code rather than displayed as text. With root access, a simple SSH package was built and pushed to the device, providing unfettered access.
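To make the chain concrete, here is an added example (not Yifan Lu's exploit and not Amazon's code) in Node.js. It builds a constructed MP3-like buffer carrying an ID3v2.3 tag whose title frame holds HTML, parses the tag with a minimal reader, and renders the title two ways: the way a UI that trusts file metadata would (string concatenation into markup), and with the HTML escaping that would have neutralised it. The frame names TIT2 and TPE1 are standard ID3v2 identifiers; the payload is a harmless `alert(1)` rather than the Kindle's root-spawning debug call, which this example does not reproduce. The `renderNowPlaying*` functions are hypothetical stand-ins for the device's media UI.

```javascript
// Added example: ID3v2.3 tag construction, parsing, and unsafe vs. escaped rendering.
// Constructed data only; nothing here is Kindle firmware or the original exploit.

// 28-bit "syncsafe" integer (7 bits per byte) used for the ID3v2 header size.
function syncsafe(n) {
  return Buffer.from([(n >>> 21) & 0x7f, (n >>> 14) & 0x7f, (n >>> 7) & 0x7f, n & 0x7f]);
}

// One ID3v2.3 text frame: 4-byte ID, 4-byte big-endian size, 2 flag bytes,
// then an encoding byte (0x00 = ISO-8859-1) followed by the text.
function textFrame(id, text) {
  const body = Buffer.concat([Buffer.from([0x00]), Buffer.from(text, "latin1")]);
  const size = Buffer.alloc(4);
  size.writeUInt32BE(body.length, 0);
  return Buffer.concat([Buffer.from(id, "ascii"), size, Buffer.from([0, 0]), body]);
}

// Constructed "MP3": ID3v2.3 header + two text frames + a fake MPEG frame sync.
function buildTaggedMp3(title, artist) {
  const frames = Buffer.concat([textFrame("TIT2", title), textFrame("TPE1", artist)]);
  const header = Buffer.concat([
    Buffer.from("ID3", "ascii"),
    Buffer.from([0x03, 0x00, 0x00]), // version 2.3, revision 0, no flags
    syncsafe(frames.length),
  ]);
  return Buffer.concat([header, frames, Buffer.from([0xff, 0xfb, 0x90, 0x00])]);
}

// Minimal ID3v2 reader: returns {frameId: text} for text frames it understands.
// Bounds-checks every frame so a truncated or lying tag cannot make it over-read.
function parseId3v2(buf) {
  if (buf.length < 10 || buf.toString("ascii", 0, 3) !== "ID3") return {};
  const major = buf[3];
  const tagSize = (buf[6] << 21) | (buf[7] << 14) | (buf[8] << 7) | buf[9];
  const end = Math.min(buf.length, 10 + tagSize);
  const frames = {};
  let off = 10;
  while (off + 10 <= end) {
    const id = buf.toString("ascii", off, off + 4);
    if (!/^[A-Z0-9]{4}$/.test(id)) break; // hit padding or garbage
    const size = major === 4
      ? ((buf[off + 4] << 21) | (buf[off + 5] << 14) | (buf[off + 6] << 7) | buf[off + 7])
      : buf.readUInt32BE(off + 4);
    const start = off + 10;
    if (size < 1 || start + size > end) break; // truncated frame: stop, don't guess
    if (id[0] === "T") {
      const enc = buf[start];
      const data = buf.subarray(start + 1, start + size);
      let text = null;
      if (enc === 0) text = data.toString("latin1");
      else if (enc === 3) text = data.toString("utf8");
      else if (enc === 1 && data[0] === 0xff && data[1] === 0xfe) text = data.subarray(2).toString("utf16le");
      if (text !== null) frames[id] = text.replace(/\0+$/, "");
    }
    off = start + size;
  }
  return frames;
}

// Vulnerable rendering: the tag text is concatenated straight into markup, so
// anything the file's author put in the title becomes live HTML in the UI.
function renderNowPlayingUnsafe(tag) {
  return `<div class="np"><b>${tag.TIT2 || ""}</b> by ${tag.TPE1 || ""}</div>`;
}

// Hardened rendering: escape the five HTML-significant characters first.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function renderNowPlayingSafe(tag) {
  return `<div class="np"><b>${escapeHtml(tag.TIT2 || "")}</b> by ${escapeHtml(tag.TPE1 || "")}</div>`;
}

// Demonstration on constructed input: a title that is really an injected element.
const mp3 = buildTaggedMp3('<img src=x onerror="alert(1)">', "Nobody");
const tag = parseId3v2(mp3);
console.log("unsafe:", renderNowPlayingUnsafe(tag)); // <img ...> is live markup
console.log("safe:  ", renderNowPlayingSafe(tag));   // shows as literal text
```

On a desktop browser the damage from such a payload is bounded by the page's origin; the page's point is that the Kindle UI exposed privileged native bindings to its JavaScript, so the same injection reached a function that spawned processes as root. Either way, the fix is the same one shown above: treat metadata read from files as untrusted text (escape it, or assign it via `textContent` rather than `innerHTML`).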

Yifan Lu is encouraging other developers to start writing plugins for the device. Open formats such as ePub could be supported as well. While apps and games are a possibility, the e-ink display's slow refresh rate, lack of colour and lack of multitouch will really limit what is practical.

It's quite possible that the Kindle Fire isn't the only device Amazon sells at a loss, expecting to make up the difference on content purchases. Amazon should also be concerned that a rooted device may let users keep content past its expiration date.

Author: Simon LR

Simon LR has written and can be contacted at simon@techie-buzz.com.
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN