Feeds

Hackers break Amazon's Kindle DRM

The great ebook 'unswindle'

Securing Web Applications Made Simple and Scalable

Updated Hackers from the US and Israel say they have broken copyright protections built in to Amazon's Kindle for PC, a feat that allows ebooks stored on the application to work with other devices.

The hack began as an open challenge in this (translated) forum for participants to come up with a way to make ebooks published in Amazon's proprietary format display on competing readers. Eight days later, users going by the handles Labba and i♥cabbages had a working program that did just that.

The hack is the latest to show the futility of digital rights management schemes, which more often than not inconvenience paying customers more than they prevent unauthorized copying.

Once upon a time, Apple laced its iTunes-purchased offerings with similar DRM restrictions that evoked major headaches when trying to do something as simple as transferring songs to a new PC. When reverse engineering specialist DVD Jon neutered the mechanism, that was the beginning of the end to the draconian regimen, which Apple called, ironically enough, Fairplay.

But most vendors don't bow so gracefully or quickly out of the reverse-engineering arms race. Witness, well, Apple, which regularly issues iPhone updates to thwart users who have the audacity to jailbreak the devices they own. Texas Instruments has also been known to take action against customers who reverse engineer calculators.

Amazon representatives have yet to indicate how they plan to respond. Queries put to a spokesman on Tuesday weren't returned.

According to a writeup of the Kindle hack here, Amazon engineers went to considerable lengths to prevent their DRM from being tampered with. The Kindle for PC uses a separate session key to encrypt and decrypt each book "and they seem to have done a reasonable job on the obfuscation," the author, i♥cabbages, says.

Labba and the US-based i♥cabbages, who declined to give his real name, discovered the attack vector independently around the same time. The resulting crack is a piece of software called unswindle, which was written by the latter hacker and is available here. It relies on reverse engineering from a hacker called darkreverser to discover the encryption algorithm used by the universal Mobipocket reader and most Kindle books.

Once unswindle is installed, proprietary Amazon ebooks can be converted into the open Mobi format. And from there, you can enjoy the content any way you like. ®

This article was updated to add details about collaboration between Labba and i♥cabbages.

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.