Kindle Touch Gets World's Simplest Jailbreak

Nate the greatest writes "Can you play an MP3 file? Then you can jailbreak the new Kindle Touch. A new hack was posted this morning that roots the Kindle Touch/K5 and opens the way for future hacks. The hacker also reveals that the K5 runs on HTML5, which should make it a lot easier to come up with new apps. Epub, anyone?"

43 of 161 comments

  1. World's simplest? by subreality · · Score: 5, Informative

    By what metric?

    For the user, rooting the iPhone was pretty easy with jailbreakme.com. Go there, click the button.

    Or do you mean easy for the developer? On HTC phones you basically say "Jailbreak please" and it says "OK."

    1. Re:World's simplest? by Anonymous Coward · · Score: 5, Funny

      It has the shortest name.

      "Jail ... break .. me ... dot ... com ... this is really complicated."

      "MP3 ?? ooh snazzy"

    2. Re:World's simplest? by ClioCJS · · Score: 3, Interesting
      That assumes you know jailbreakme is the right site with the right kind of jailbrake. I spent about 3-5 hours trying to figure out how to jailbrake my iPhone (given to me; I'd never buy one) and having gone through several different jailbrake methods before I got one that worked right. And I'm not somebody who doesn't know how to do things. I ultimately had to pop in an IRC channel and speak to actual people. There was a site - jailbrakematrix - which helped explain which jailbrakes work for which versions. Mine was a 2G/iPhone Original. And the jailbrake only worked with the latest firmware, which I had to update.

      So uh, yeah. Playing an mp3 is easier than that.

      --
      -Clio
      Karma: Bad (mostly from not giving a fuck)
      Blog: http://clintjcl.wordpress.com
    3. Re:World's simplest? by Anonymous Coward · · Score: 5, Funny

      Maybe if you knew how to spell it you wouldn't have had to waste hours.

    4. Re:World's simplest? by Atzanteol · · Score: 3, Informative

      http://unrevoked.com/

      Plug in phone. Run app. Make tea. Really the last part was the difficult step.

      --
      "Ignorance more frequently begets confidence than does knowledge"

      - Charles Darwin
    5. Re:World's simplest? by History's+Coming+To · · Score: 4, Insightful

      It seems to be part of a trend towards relatively obvious and open DRM. Lock out your everyday users, but set the DRM at a level where you tend to get good amateur developers crawling all over it and doing some free R&D for you. Hell, even Microsoft are up to it with the Kinect.

      --
      Please consider this account deleted, I just can't be bothered with the spam anymore.
    6. Re:World's simplest? by Pharmboy · · Score: 4, Insightful

      I can't believe Amazon is shipping this crap.

      So, a system that is designed to be 100% Amazon supported for everyone who wants it to be, but is designed intentionally to be easy to jailbreak for those that don't, is automatically crap? This is idiotic. The fact that it is easy to jailbreak isn't a bug, IT IS A FEATURE.

      I own a Kindle Fire, and it kicks ass. I don't expect to jailbreak it for now, as that wouldn't help me do anything that I can't already do, except maybe install an ssh client. But it is great that Amazon is keeping it easy to jailbreak, ON PURPOSE, so when I do, I can quickly and easily. I hope they sell millions of them.

      --
      Tequila: It's not just for breakfast anymore!
    7. Re:World's simplest? by sound+vision · · Score: 5, Interesting

      There's no way they did this intentionally. The execution of arbitrary scripts from an MP3 file has far-ranging implications for normal users. Someone's going to end up using this exploit to write malware. If that becomes widespread, you'll get "Kindles get viruses" into the mind of the consumer. They did not want this bug/security flaw. Coincidentally, it's a "happy accident" for people who want to jailbreak their devices (which are a minuscule minority with no impact on Amazon's bottom line). But there's no reason why Amazon would want this type of vulnerability in their device.

    8. Re:World's simplest? by gnapster · · Score: 5, Insightful

      Why the deuce is this rated higher than its parent?

      I can't believe Amazon is shipping this crap.

      So, a system that is designed to be 100% Amazon supported for everyone who wants it to be, but is designed intentionally to be easy to jailbreak for those that don't, is automatically crap? This is idiotic. The fact that it is easy to jailbreak isn't a bug, IT IS A FEATURE.

      The reason the GP called it crap is that now I have to worry about MP3s running arbitrary code on my tablet. Not only can they execute code, but they can gain root access and then execute code! Until I know more about the security of this device, it is making me very nervous. I want jailbreaking to be easy, but I don't want it to be effected by the same kind of action that I use every day for non-jailbreaking activities.

    9. Re:World's simplest? by ceoyoyo · · Score: 4, Insightful

      "Here, go to this website" is pretty simple. Simpler than "here, download this mp3 and play it."

      Both are bad. Neither visiting a website nor playing an mp3 should be able to root your device. I'm all for making jailbreaking easy, but it should absolutely require a wired connection to the device.

    10. Re:World's simplest? by subreality · · Score: 3, Insightful

      Yes, I actually did RTFA.

      jailbreakme.com isn't "follow these instructions". If you go there on an iPhone it gives you a big friendly button labelled "Jailbreak Me". You click it. Done.

      Yes, I know the Kindle one is really easy too, but the bar for "World's Simplest" is one click. That's a tough act to beat. :)

    11. Re:World's simplest? by Anonymous Coward · · Score: 3, Funny

      Gaol-break.

    12. Re:World's simplest? by Filip22012005 · · Score: 3, Funny

      iPhone fragmentation is becoming a real problem.

      --
      When the policeman of the tie, rule you violate, hello punishment of the kitty?
    13. Re:World's simplest? by subreality · · Score: 2

      It's not simple for the end user, but it's officially supported on their new phones: http://htcdev.com/bootloader/

      Most of the older ones can be easily rooted by the usual shenanigans; then once you install Cyanogenmod it's yours for life. It's much more pleasant than Apple's obsession with keeping you locked out.

    14. Re:World's simplest? by yelvington · · Score: 2

      You don't need to jailbreak a Kindle Fire to replace the launcher. You can sideload an alternative launcher and set it as the default without root access.

  2. Doubleplusgood! by PopeAlien · · Score: 4, Interesting

    Could this hack be used to protect your ebook purchases so they can't be revoked after the fact 1984 style?

    1. Re:Doubleplusgood! by Anonymous Coward · · Score: 2, Insightful

      True, but they had legally good grounds for doing so, and really bent over backwards to make it right. I don't like the idea that they can do it at all, but I don't see how they really did anything morally wrong.

      http://news.softpedia.com/news/Amazon-Makes-Amends-for-039-1984-039-Incident-120948.shtml

      If they removed paid for copies and refused to return the money, you'd have an excellent argument. But they didn't, so I'm not sure what the big deal is now.

    2. Re:Doubleplusgood! by Hotweed+Music · · Score: 4, Insightful

      They were hosting illegal content. I know it's nice to get outraged about (especially because of the books banned), but you're picking a fight.

    3. Re:Doubleplusgood! by subreality · · Score: 4, Informative

      When the GP said "1984 style", they were referring to the fact that Amazon actually revoked some copies of 1984 in a flash of brilliant irony.

    4. Re:Doubleplusgood! by thePowerOfGrayskull · · Score: 2

      Because surely nobody knew what ggp was talking about without the link.

      Here's another spin: Out of hundreds of thousands of titles sold, they only had to pull one, and it was over two years ago. Based on past performance I would say that it's pretty unlikely indeed. I just can't say it's impossible, because clearly it is. (Also worth noting: purchasers got their money back. Without even having to fight or ask.)

      And news flash: they hated it as much as the purchasers did, if not more - really bad PR when they're trying to build a business around how safe and reliable it is to make electronic manuscript purchases. You think there weren't some serious internal policy changes to ensure that the chances of it happening again are as close to zero as possible?

      It would be nice to live in a world where amazons didn't have to protect the interests of publishers as well as customers. But it's a long road from here to there.

    5. Re:Doubleplusgood! by causality · · Score: 5, Insightful

      True, but they had legally good grounds for doing so, and really bent over backwards to make it right. I don't like the idea that they can do it at all, but I don't see how they really did anything morally wrong.

      What's morally wrong is they didn't even attempt to obtain consent. The entire notion of a marketplace is based on a willing buyer and a willing seller doing business without coercion of any kind. The initial sale of the book was done in this consensual, voluntary fashion. The revocation of the book and refunds etc. were done against the will of many customers. It was not a voluntary transaction.

      If you don't want to sell something of yours to me, I don't have the right to simply take it against your will and leave you the money. If I did that but you didn't want to sell it then I just coerced you into a sale. I am certain you have some possession you are unwilling to part with and would be outraged if someone did this to you. Others feel the same way about other things they purchase.

      That they sold a book they didn't have the right to sell is their problem, to be resolved between them and the rightsholder. It's not like Amazon is struggling to financially survive and couldn't have possibly worked out some kind of royalty. To make that your customers' problem is a shitty way to do business. A good business looks after their customers better than that and cleans up its own messes without involving unwilling third parties. Even if the only reason they do it is selfish, to avoid losing sales from pissed off former customers.

      I'm sure it's not legally wrong since they almost definitely had the multiple pages of fine-print legalese in some kind of EULA to legally cover their asses. So no surprise the state isn't intervening here. The idea here is that coming up with a clever legal way to coerce someone into a bargain is still morally wrong. It makes some people not want to do business with you.

      I don't understand this trend of making apologetics for large organizations. At all. It's as though they have to murder kittens or something before some of you will say "hey, that doesn't look right to me!". To make your problem into your customers' problem when the customers did nothing wrong (while you did) is simply unethical.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    6. Re:Doubleplusgood! by Anonymous Coward · · Score: 3, Insightful

      On this you are wrong. Why is it all of a sudden "ok" when it is digital content? If they were selling physical books they could still have had no right to sell them, but they would not have had any means (nor would they have tried) to track down who had the illegal book and repossess it. Now, just because these books were digital, why is it OK? I posit that it is NOT OK. As more and more of "our" content goes digital - what makes it OK for folks to remotely decide we can't have it anymore?

    7. Re:Doubleplusgood! by Culture20 · · Score: 4, Insightful

      True, but they had legally good grounds for doing so

      &@$^ their "legally good" grounds. If Star Trek Replicators ever become a reality, I don't want Amazon using a team of transporter technicians to dematerialize stuff from my house that was replicated with the wrong copyright license. They shouldn't have the *ability* to do this because it is likely to be abused (again).

    8. Re:Doubleplusgood! by hedwards · · Score: 2

      No, they didn't have legally good grounds for doing it. They sold copies they weren't authorized to sell then took them back to avoid paying a big fine. It doesn't matter whether they returned the money or not, sales are an inherently no backsies situation.

      I'm not sure this is fundamentally any different from them coming over and demanding that I give back any other item I got from them in exchange for my money back.

    9. Re:Doubleplusgood! by causality · · Score: 5, Insightful

      I hate to say things like this but you're a fuckwit.

      You hate to say such things because it's a sorry excuse for having your own point of view. I'd hate to be that way myself; that's why I'm not. I don't know if it's some kind of jealousy or what, but I see lots of posts like this written by people who clearly could not articulate their own position and why they believe it's better.

      It reminds me of a post I made some weeks back about Mohandas Gandhi. I misremembered how the man's name was spelled and I wrote it as "Ghandi". So what does some useless little AC come along and do? He points this out and calls me a liar, saying obviously I never read the man's autobiography as I had said. This appeals to the bitchy base nature of a lot of people so he even got modded up. Of course, he didn't dispute anything I said about Gandhi's life, beliefs, or impact on the world. That would have required substance, something he obviously lacked. It would have also required me being wrong about the important part of the post and he knew I wasn't. His entire contribution was "you made a spelling error, therefore you're wrong and I'm right!" I guess to him that represented some kind of conquest or victory.

      You're just like him.

      It's that desperate need of nothing-human-beings to look down their nose at something and judge it less worthy than themselves. No power to uplift and edify, only to try to degrade in order to relieve the pain of their wretched, stressful, purposeless existence. Little do they understand it makes it worse. Enjoy your perverse, imaginary sense of superiority, if you can. I can see how my love of reason makes me an unusually tempting target. Meanwhile, my works speak for themselves and are open to constructive discourse.

      Personally, I couldn't stand being like you. It would burden me with the kind of inner conflict I very much love being free from. That's why I bother to write this -- certainly not for you, as that would be pearls before swine. It's for people who see this going on everywhere and struggle with self-doubt, who might appreciate knowing they really are seeing it correctly.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    10. Re:Doubleplusgood! by causality · · Score: 2

      And news flash: they hated it as much as the purchasers did, if not more - really bad PR when they're trying to build a business around how safe and reliable it is to make electronic manuscript purchases. You think there weren't some serious internal policy changes to ensure that the chances of it happening again are as close to zero as possible?

      How to make it absolutely zero: don't build devices with this kind of remote-deletion functionality. When negotiating with publishers, tell them up-front that any such option is off the table, that you (the business) will settle any copyright disputes with them, without dreaming of making this your customers' problem. It's not like Amazon doesn't have the resources. Imagine the great PR they could have had if they positioned themselves as protecting their customers from such errors.

      I'm just not impressed with how painful and tedious it was for them to try avoiding the use of an option that doesn't belong there in the first place. They deserved the bad PR. If telling the truth is bad PR, that's not the messenger's fault.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    11. Re:Doubleplusgood! by sixsixtysix · · Score: 3, Informative

      In your situation, if there was a recall, the car seller would just come and take your vehicle, and leave a check and any personal items, whenever/wherever they wanted to. Parent is saying that, once sold, the car seller should contact the buyers and let them know, and IF they wanted to, they can bring back the car with the faulty battery. You know, because of ownership and all.

      --
      ...
    12. Re:Doubleplusgood! by causality · · Score: 5, Interesting

      I'd like to see the argument you put up when a stolen car you buy gets taken away from you. Two consenting adults, right?

      That scenario involves a quite unwilling third party. That's exactly the problem I have with Amazon's action -- the issue was between Amazon and the rightsholder. They chose to involve unwilling third parties (their own customers at that). You are only reinforcing my point here.

      That isn't two consenting adults. That's two consenting adults, one of which is using fraud, and a third adult who's very much not consenting. It's a big difference.

      As said already, this was ONE frigging book in the existence of their ebook store, and people got full refunds to purchase the very same book, word for word, from a source that was legally able to sell it.

      That's a most amicable way to handle it. I appreciate you highlighting the goodwill that Amazon showed once the situation happened. That part is easy to underappreciate and was worth a reminder.

      I still don't find it acceptable to make this your customers' problem. You didn't do your homework and vet the product you offered for sale, that's your fault, you get to sort it out on your own. There are records of how many copies were sold, so you remit payments to the actual rightsholder plus some negotiated fee for accidentally infringing on their copyright and you're done. To put it another way, if this happened with a physical paper book would you support them breaking into your home to take it back as long as they leave an envelope with the money on your kitchen table? After all, on page 37 of the EULA you clearly gave them that right...

      Why is this so acceptable in the digital world? If it's intellectual _property_ let's treat it like property. If it's zeroes and ones, let's treat it like zeroes and ones. This is a desire to have one's cake and eat it too. It's not reasonable.

      To make a more minor point ... instead of going through a refund process and all the transactions that involves... why not just overwrite the book on the device and replace it with the legal copy? Customers might not even notice it happened. Why inconvenience them if you're going to have such remote capabilities at all?

      You decry the apologists. But quite the contrary, I think you just want to find fault in anything a "big evil corporation" does.

      When they do things the hard way for no good reason, and cause problems that could have been prevented, then the fault is there whether I find it or not.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    13. Re:Doubleplusgood! by fafaforza · · Score: 2

      But that's the thing people forget. You don't own the eBook you buy. You buy what's effectively a license. You can't lend it (the 2 week lending thing is a joke), you can't resell it, you can't donate it to a library or thrift store. If you have a problem with that, then stick with paper books.

    14. Re:Doubleplusgood! by similar_name · · Score: 2

      I find it moderately unlikely that amazon would start revoking your/mine ebooks.

      They pulled/deleted 1984

    15. Re:Doubleplusgood! by causality · · Score: 4, Insightful

      Wow, for the guy who thinks that in response to being offended, that one should suck it up and move on, you are not very good at it.

      I have to agree with the AC on this one: a pompous, self-righteous fuckwit. Try taking your own advice and grow a pair.

      I did take my own advice. I argued why I think there's something wrong with that.

      Those who cannot grow a pair? You know what they do? They look to the site admin, or a government agent, or some other authority figure to censor whatever it is they don't like. Is that what I did? No. I countered bad speech with more speech, not with censorship.

      You fail to comprehend the point. Not because it is beyond your comprehension; it isn't. You fail because that way and only that way do you get to bitch about something and feel "right" even if only for the interval between that time and my setting you straight.

      If by "pompous and self-righteous" you mean "I'll tell the truth and I won't make any apologies for it" then yes, that I am. What you want is for someone to kiss your ass and say things delicately to suit your tastes, to mince words and be diplomatic to avoid your ire. What you want is a people-pleaser who cares about your approval. Sorry, but fuck you, I won't play that game. Go ahead and hate me just as much as you like. Call me some more names if that fulfills your puerile needs. That's what is called having a pair. Not kowtowing to hyperemotional sensitives such as yourself who must make everything personal.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    16. Re:Doubleplusgood! by LordLucless · · Score: 2

      Perhaps you should consider the fact that with the digital sales of books, mistakes are much more easily made.

      Perhaps you should consider the fact that if I own something, the creator has no right to take it back just to correct a "mistake". If they made a mistake, they need to pay for it.

      a simple mistake to take place, like poor editing, scanning, and spelling that you find in ebooks

      Because ebooks are produced entirely separately to physical books. They don't just edit it once and produce two separate formats, no, they go through the entire process twice.

      --
      Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
  3. XSS by Anonymous Coward · · Score: 3, Interesting

    So the Kindle was jailbroken by an XSS vulnerability?
    That's cool

    1. Re:XSS by hey! · · Score: 4, Insightful

      Pretty much. The hack was simply embedding javascript in an MP3 id3 tag.

      While I'm in favor of jailbreaking devices, this does NOT make me want to rush out and buy a Kindle Touch (although I was considering it before), because it reveals a flaw in the device's basic use. Short of restricting myself to Amazon content, I'd have to check every file I use on it for malware.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  4. Garden Picnic by mugnyte · · Score: 4, Insightful

    The walled gardens are full of splendor, as we pay the entrance fee for a reason. Bringing your own picnic, despite the guards, will never be prevented.

  5. Explanation (It's quite clever) by mshenrick · · Score: 5, Informative

    For the lazy: the title tag just contains HTML code to create a button, which runs dd to copy the MP3 (minus the title tag) to a script, as the author tag is the script source, which is then executed. If you open the properties of the MP3 (OS X's 'Get Info' works, or you could cat it) the source is pretty well commented.

  6. I would think that this was a major problem. by geekprime · · Score: 5, Insightful

    It doesn't disturb anyone that an MP3 can be used to crash this thing and run arbitrary code on it?

    It seems like the fact that everyone "knows" that mp3's are safe and can not give you a virus is not at all true for this device.

    1. Re:I would think that this was a major problem. by izomiac · · Score: 5, Insightful

      It disturbs me that Amazon would include a javascript command to execute arbitrary native code as root, and doesn't sanitize input. An ID3 tag should not be rendered, especially not with javascript, and especially not in the privileged mode the GUI is given. Making any one of those mistakes is amateurish and indicates that whoever designed this system knows absolutely nothing about security. Beyond that, obviously that person/team was given the autonomy to do this without any kind of oversight, so the device is surely riddled with such defects!

      IMHO, most likely some web developer came up with that idea and is unused to even considering security issues. While you can write a GUI in DHTML and its ilk, it's not necessarily a good idea. When they ran into the easily predicted performance issues, this was their solution. Suddenly, they're no longer playing in the sandbox, but apparently they weren't quite cognizant of the implications.

    2. Re:I would think that this was a major problem. by Ethanol-fueled · · Score: 2

      It doesn't disturb anyone that an MP3 can be used to crash this thing and run arbitrary code on it?

      Not really. MP3s have been rooting Windows for years now. Ooh, gotta go. Just downloaded Pamela_Anderson_Naked_jpg.exe .

    3. Re:I would think that this was a major problem. by Em+Adespoton · · Score: 2

      One of the first exploits for OS X back in the day was actually malware dressed up as an MP3 with the appropriate headers. It took advantage of a flaw in the header reading code of iTunes to buffer overflow and then use the iTunes memory space to escalate privilege.

      Of course, the flaw in the library was patched pretty quickly, and nobody's tried it again since, but mp3s have been attack vectors for at least 10 years.

    4. Re:I would think that this was a major problem. by Anonymous Coward · · Score: 2, Interesting

      You can stick album art in the id3 tag if you want; that could easily be several kb in size. Nowadays people put the cover art in every track: the redundant data isn't half as annoying as trying to manage it separately.

    5. Re:I would think that this was a major problem. by complete+loony · · Score: 3, Informative

      This isn't a buffer overflow, it's an XSS attack. The MP3's metadata is inserted into an HTML document without cleansing it.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
  7. On the N900 there is no jail by dbIII · · Score: 2

    I think there should be more devices like that where you don't have to go through hoops to make changes to your own devices.