Amazon's Kindle is the most popular e-reader on the market, with an extensive ecosystem of e-books. From a security perspective, Kindle devices especially stand out because they are often linked to an Amazon account.
Their complex software stack supports numerous e-book file formats (AZW, MOBI, PDF...), as well as many underlying media formats that increase the attack surface. As such, downloading an e-book from the store may allow an attacker to gain root access to the device, take control of the Amazon account, and steal credit card information.
In this talk, we will dive into the internals of Kindle devices and discuss a $20,000 bug in the parsing of Audible audiobooks which allowed us to take full control of the e-reader. We will also share general insights on fuzzing file formats based on the MPEG-4 standard (ISOBMFF).
By: Valentino Ricotta | Security Researcher, Thales
https://ift.tt/YxPg8G5
source https://www.youtube.com/watch?v=YslYzj5f2es