Time Table

Don't judge an audiobook by its cover: taking over your Amazon account with a Kindle

DAY 1

13:30-
14:10

Amazon’s Kindle is the most popular e-reader on the market, with an extensive ecosystem of e-books. From a security perspective, Kindle devices especially stand out because they are often linked to an Amazon account.

Their complex software stack supports numerous e-book file formats (AZW, MOBI, PDF…), as well as many underlying media formats that increase the attack surface. As such, downloading an e-book from the store may allow an attacker to gain root access to the device, take control of the Amazon account, and steal credit card information.

In this talk, we will dive into the internals of Kindle devices and discuss a $20,000 bug in the parsing of Audible audiobooks which allowed us to take full control of the e-reader. We will also share general insights on fuzzing file formats based on the MPEG-4 standard (ISOBMFF).

Location :
- Track 1(HALL B)
Category :
- Technical
Share :

Speakers

Valentino Ricotta

ヴァレンティーノ・リコッタ

Valentino Ricotta is a security researcher and reverse engineer at Thalium (part of Thales Group), drawn to the arts of vulnerability research, fuzzing and exploit techniques across diverse platforms. Previously, he has presented his findings on vulnerabilities in Windows and Steam, and competed in Pwn2Own 2023. When he's not tearing apart real-world binaries, he always loves a good CTF and expressing his creativity through convoluted challenge ideas.

Valentino Ricotta is a security researcher and reverse engineer at Thalium (part of Thales Group), drawn to the arts of vulnerability research, fuzzing and exploit techniques across diverse platforms. Previously, he has presented his findings on vulnerabilities in Windows and Steam, and competed in Pwn2Own 2023. When he's not tearing apart real-world binaries, he always loves a good CTF and expressing his creativity through convoluted challenge ideas.

Back to Time Table