How Your E-book Might Be Reading You: Exploiting EPUB Reading Systems

Conference:  BlackHat USA 2021

2021-11-10

Summary

The presentation discusses the security concerns surrounding EPUB reading systems and how malicious e-books can exploit them.
  • EPUB is an open e-book format supported by free applications on various devices.
  • Half of the evaluated EPUB reading applications are not compliant with the security recommendations of the EPUB specification.
  • Malicious e-books can leak local file system information in 16 of the evaluated applications.
  • Distributing malicious e-books through official e-book vendors is feasible through self-publishing.
  • JavaScript should not be executable in reading systems.
  • Developers should adhere to security recommendations and practical guidelines to create more secure e-book reading systems.
The presenters conducted a study in which they wrote their own book and included some scripts to test whether self-published e-books are sufficiently sanitized before being published. Four out of six official e-book vendors did not sanitize the e-books sufficiently, accounting for 94% of the self-publishing e-book market.
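A publishing pipeline can run a pre-publication check of the kind the vendor study probes for. The sketch below is an added example, not code from the talk or from any vendor: it flags script elements, inline event handlers, and `javascript:`/`file:` URLs in an EPUB's content documents. It goes slightly beyond the summary by also checking the EPUB 3 manifest `scripted` property. The names `scan_epub`, `ActiveContentFinder` and `build_sample` are hypothetical, the sample book is constructed inline, and the check is a heuristic screen, not a complete sanitizer.

```python
import io
import zipfile
from html.parser import HTMLParser

SCANNED = (".xhtml", ".html", ".htm", ".svg", ".opf")

class ActiveContentFinder(HTMLParser):
    """Records script elements, inline event handlers and javascript:/file: URLs."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script element")
        for name, value in attrs:
            value = (value or "").strip().lower()
            if name.startswith("on"):
                self.findings.append(f"event handler {name}")
            elif name in ("href", "src") and value.startswith(("javascript:", "file:")):
                self.findings.append(f"{name} with {value.split(':')[0]}: URL")
            elif tag == "item" and name == "properties" and "scripted" in value.split():
                self.findings.append("manifest item declared scripted")

def scan_epub(data: bytes) -> dict:
    """Map each archive member that carries active content to its findings."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as book:
        for member in book.namelist():
            if member.lower().endswith(SCANNED):
                finder = ActiveContentFinder()
                finder.feed(book.read(member).decode("utf-8", errors="replace"))
                finder.close()
                if finder.findings:
                    report[member] = finder.findings
    return report

def build_sample() -> bytes:
    """Constructed book: one clean chapter, one chapter with active content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("mimetype", "application/epub+zip")
        z.writestr("OEBPS/content.opf", '<package><manifest><item id="c2" href="ch2.xhtml" '
                   'media-type="application/xhtml+xml" properties="scripted"/></manifest></package>')
        z.writestr("OEBPS/ch1.xhtml", "<html><body><p>Plain text only.</p></body></html>")
        z.writestr("OEBPS/ch2.xhtml", '<html><body><img src="cover.png" onerror="f()"/>'
                   '<a href="file:///constructed/path">x</a><script>f()</script></body></html>')
    return buf.getvalue()

if __name__ == "__main__":
    for member, findings in scan_epub(build_sample()).items():
        print(member, findings)
```

A book that omits the `scripted` declaration is still caught by the per-document checks, so the manifest flag serves only as a supplementary signal.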

Abstract

In recent years, global e-book sales have shot through the roof and e-book reading applications have sprouted like mushrooms. EPUB, the most popular open e-book format, is supported by free applications on virtually any device, ranging from desktops to smartphones. But how sure are we that these e-books aren't actually reading us?

To answer this question, we analyzed 97 free EPUB reading applications across seven platforms and five physical e-readers using a self-developed semi-automated testbed. It turns out that half of these applications are not compliant with the security recommendations of the EPUB specification. For instance, a malicious e-book is able to leak local file system information in 16 of the evaluated applications.

To further demonstrate the severity of these results, we also performed three case studies in which we manually exploited the most popular application on three different platforms (e.g. Amazon Kindle, Apple Books, and EPUBReader for Chrome and Firefox). Moreover, we demonstrate that distributing malicious e-books through official e-book vendors is very much feasible through self-publishing.
