The Kindle Touch has been rooted! There’s a proof video embedded after the break, but the best part about this discovery is that [Yifan Lu] wrote in-depth about how he discovered and exploited a security hole in the device.
The process begins with a dump of the firmware. If you remove the case it’s not hard to find the serial port on the board, which he did, but by then someone else had already dumped the image and uploaded it. We guess you could say that [Yifan] was shocked by what he found in the disassembly. This is a ground-up rewrite compared to past Kindle devices, and it seems there’s a lot to be hacked. The bootloader is not locked, but messing around with it is a good way to brick the device. The JavaScript used for the UI is not obfuscated, and Amazon included many hooks for later plugins. Long story short, hacks for previous Kindles won’t work here, but it should be easy to reverse engineer the software and write new ones.
Gaining access to the device is as easy as injecting some HTML code into the UI, which the device then runs as root (no kidding!). [Yifan] grabbed an MP3 file, changed its tag information to the HTML attack code, then played the file on the device to exploit the flaw. How long before malicious data in illegally downloaded MP3 files ends up blanking the root file system on one of these?
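The flaw described above is the familiar one of untrusted metadata (here an MP3 tag) being spliced straight into the markup of a JavaScript-driven UI, made worse by that UI running as root. The snippet below is an added illustration, not code from the article or from [Yifan Lu]’s write-up: it puts the unsafe rendering pattern beside an escaped version and adds a small sweep that flags tag fields containing markup characters. The function names, the row layout and the sample tracks are all constructed for this example.

```javascript
// Added example, not from the original article or the Kindle firmware.
// All function names and the sample tag values below are hypothetical.

// Escape the characters that matter when untrusted text is placed inside
// an HTML text node or a double-quoted attribute value.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// The vulnerable pattern: tag text is concatenated directly into markup,
// so any markup carried in the tag becomes part of the page.
function renderTrackRowUnsafe(tag) {
  return '<li class="track" title="' + tag.artist + '">' + tag.title + "</li>";
}

// The hardened pattern: every untrusted field is escaped at the exact
// point it enters HTML, whether as text content or as an attribute value.
function renderTrackRowSafe(tag) {
  return '<li class="track" title="' + escapeHtml(tag.artist) + '">' +
         escapeHtml(tag.title) + "</li>";
}

// Defensive sweep over a library's tags: report which fields contain
// characters that a naive renderer would interpret as markup. Handy for
// auditing files already on a device or for a content-ingest check.
function findMarkupInTags(tracks) {
  const findings = [];
  for (const track of tracks) {
    for (const [field, value] of Object.entries(track)) {
      if (field === "file") continue; // path, not a rendered tag field
      if (/[<>"'&]/.test(String(value))) {
        findings.push({ file: track.file, field: field });
      }
    }
  }
  return findings;
}

// Constructed sample library: one benign track and one whose tags carry
// markup (a harmless <b> element and a quote character stand in for
// anything nastier).
const SAMPLE_TRACKS = [
  { file: "a.mp3", artist: "Plain Artist", title: "Plain Title" },
  { file: "b.mp3", artist: 'Quote "Artist"', title: "<b>Bold</b> title" },
];

// Compare the two renderings of the tampered track side by side.
console.log(renderTrackRowUnsafe(SAMPLE_TRACKS[1]));
console.log(renderTrackRowSafe(SAMPLE_TRACKS[1]));
console.log(findMarkupInTags(SAMPLE_TRACKS));
```

Escaping at the output boundary is the fix that generalises: whatever the tag parser hands over, the renderer never lets it change the structure of the page. The sweep is only a detection aid; it tells you which files would have been interpreted as markup by the unsafe renderer, not whether they were crafted deliberately.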
[youtube=http://www.youtube.com/watch?v=HMyv6nSAOU0&w=470]
[via Reddit]
Hacking with audio. It’s like SnowCrash man… That white noise will fry your brain. :-D
If you are interested in how this came about, here is the thread showing its evolution:
http://www.mobileread.com/forums/showthread.php?t=151537
And here is the thread that made it all possible:
http://www.mobileread.com/forums/showthread.php?t=158894
It was visual data not audio in Snowcrash.
So /that’s/ how the Decepticons hacked the NSA in Transformers!
I’m sorry, I don’t understand why you wouldn’t just go with a Nook Simple Touch. It is already rooted, easy to use, and offers more than this device even without root… Please enlighten me.
Maybe because the nook doesn’t have 3g?
A lot of lost functionality and added expense just for 3G. I don’t get it either, I think at this point the Kindle line just has enough name recognition that even superior devices have trouble competing with it; not unlike the iDevices, in fact.
Though that is another story entirely. Regardless of his choice of hardware, this is a very clever hack.
Kind of echoes my question: “doesn’t anyone just read books anymore?”
“Why doesn’t the entire world share my exact gadget preferences??”
I think you need implants
Where have we seen a flaw just like this before? hmm, Android 1.0 seems about right… Type “reboot” into an sms message, hit enter, and the phone reboots. Sounds pretty close to this… Way to go Amazon! :clapping monkey:
Amazon is probably working on a patch as we speak. The kindle is auto updating so the filesystem wiping MP3 would have a limited lifespan.
The site appears to be taken down, somebody got a mirror?
BitDefender has blocked this website because it has been reported as a potential phishing site.