Kindle Touch XSS JailBreak

The recently release Kindle Touch has been freed. Yifan Lu, freelance developer, has dug down and posted details on an exploit used to jailbreak Kindle OS 5.

Although it might look completely innocuous due to the e-ink display, the Kindle Touch is a relatively complex device. At the core of the device is an operating system built around HTML5 and Javascript. Unfortunately, the engineers at Amazon left some gaping holes in the system, allowing for a straight-forward XSS (cross site scripting) attack vector to be used.

By embedding HTML and JS calls into an MP3, Yifan Lu was able to hook into undocumented debug functions in order to execute code at root level. Not only did Amazon leave a function that allowed any process to be spawned as root, they also didn’t bother to sanitize inputs when reading the ID3 tag for display. With root access, a simple SSH package was created and pushed, providing unfettered access to the device.

Yifan Fu is encouraging other developers to start writing plugins for the device. Open formats such as ePub or Mobi can be supported as well. While apps and games are a possibility, the e-ink display will really limit the possibilities due to the slower refresh rate, lack of color as well as lack of multitouch.
It’s very possible that the Kindle Fire isn’t the only device that Amazon is selling at a loss, with attempts to make up revenues by users purchasing content. Amazon should be concerned as it may open the door for users to permanently store content past the expiration date.


Amazon Launches 3 New Kindles, Starting at $79

Amazon has a lot of surprises in store for us today. It has launched not only its new Android tablet – the Amazon Kindle Fire – but also 3 new versions of the Kindle ebook reader.

When the Kindle was originally launched, it was a great deal. Amazon slashed the price over the years and now the new Kindles start at just $79, which makes them irresistible.

Amazon Kindle

Amazon Kindle

This will be the new standard Kindle. It will be priced at $79, and will be the cheapest version available.

Amazon has done away with the keyboard and made it much more compact. It comes with a standard 6 inch e-ink display, with 2 GB of internal storage. It will also support Wi-Fi and sports a 5 way controller for navigation.

Buy Amazon Kindle

Amazon Kindle Touch

Amazon Kindle Touch

This will be the touchscreen version of the Kindle. It will come with a 6 inch e-ink, touchscreen display with no physical controls. It will sport 4 GB of internal storage, and will come with Wi-Fi only. It will retail for $199.

Buy Amazon Kindle Touch

Amazon Kindle Touch 3G

This will be the 3G version of the Amazon Kindle Touch. Exactly identical to the Kindle Touch, except for the price and connectivity options. It will sport Wi-Fi as well as 3G, and will be priced at $149.

Buy Amazon Kindle Touch 3G