Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

How Your E-book Might Be Reading You - Exploiting EPUB Reading Systems

Black Hat via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the security vulnerabilities of EPUB reading systems in this 35-minute Black Hat conference talk. Delve into an analysis of 97 free EPUB reading applications across multiple platforms and e-readers using a semi-automated testbed. Discover how half of these applications fail to comply with EPUB security specifications, potentially compromising user privacy. Examine the e-book ecosystem, JavaScript support, remote communication capabilities, and local file system access. Learn about specific case studies involving Apple Books, EPUBReader, and Amazon Kindle, including implementation details, exploit strategies, and mitigation efforts. Gain insights into the feasibility of e-book distribution and the potential for capability abuse in the wild. Walk away with key takeaways on the security implications of e-book reading systems and their impact on user privacy.

Syllabus

How Your E-book Might Be Reading You: Exploiting EPUB Reading Systems
The e book ecosystem
Semi-automated black-box evaluation
JavaScript support Inline
Remote communication
Local file system access
Web engine evaluation
Results (3)
Case studies
Apple Books
EPUBReader: implementation
EPUBReader: exploit strategy
EPUBReader: putting the exploit together
Amazon Kindle: implementation
Amazon Kindle: exploitation (2)
Amazon Kindle: mitigation
Capability (ab)use in the wild
Feasibility of e-book distribution
Key takeaways

Taught by

Black Hat

Reviews

Start your review of How Your E-book Might Be Reading You - Exploiting EPUB Reading Systems

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.