"I found a curious function: nativeBridge.dbgCmd();. It seems too good to be true. This function takes any shell command, and runs it (as root). Yup. The web browser will run as root, any command given to it. Don’t go looking for remote code execution yet (although it is highly possible), as the native bridge seems to be disabled when in web browser mode (it may be able to be bypassed, but I haven’t looked into it)." – Yifan Lu, Dec. 10, 2011
Lu also found two hardware features Amazon built into the Kindle but didn't advertise: an accelerometer and a proximity sensor. Both are functional, though no available Kindle apps use them; code written by other developers for jailbroken systems should be able to access both, Lu wrote.
So how do you jailbreak your own Kindle Touch?
Lu packaged the Kindle Touch Jailbreak along with instructions for using it and for recovering if you accidentally brick the device.
The jailbreak code is written in the metadata of an MP3 file, and includes "very basic" USB network code that gives the user SSH-encrypted access to the Kindle.
The jailbreak doesn't change any of the files on Kindle unnecessarily and doesn't add new functionality. It only provides an entry for other developers or owners to make modifications using code they write themselves.
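The delivery vector described above (executable content carried in MP3 metadata) is something a defender can screen for before such a file reaches a device. The following scanner is an added example and is not code from the jailbreak package or from Amazon: it parses the ID3v2 tag frames at the start of an MP3 file (v2.3 and v2.4 frame headers), flags any frame whose payload contains shell-script or ELF markers, and constructs its own sample tags inline so it runs offline. The marker list, the `build_tag`/`build_frame` helpers and the sample tags are assumptions made for the demonstration, not details taken from the original article.

```python
import struct

# Markers that have no business inside an audio tag's text or comment frames.
# Assumption for this example: a generic list, not Kindle-specific indicators.
SUSPICIOUS_MARKERS = (b"#!/", b"/bin/sh", b"/bin/bash", b"\x7fELF")


def syncsafe_to_int(b: bytes) -> int:
    # ID3v2 "syncsafe" integers carry 7 bits per byte so no byte equals 0xFF.
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]


def int_to_syncsafe(n: int) -> bytes:
    return bytes([(n >> 21) & 0x7F, (n >> 14) & 0x7F, (n >> 7) & 0x7F, n & 0x7F])


def parse_id3v2_frames(data: bytes):
    """Return [(frame_id, payload)] for every frame in an ID3v2.3/2.4 tag prefix.

    Extended headers and unsynchronisation are ignored (tag flags assumed 0),
    which is sufficient for the constructed samples below.
    """
    if len(data) < 10 or data[:3] != b"ID3":
        return []
    major = data[3]                      # 3 -> ID3v2.3, 4 -> ID3v2.4
    end = 10 + syncsafe_to_int(data[6:10])
    pos, frames = 10, []
    while pos + 10 <= end:
        frame_id = data[pos:pos + 4]
        if frame_id == b"\x00\x00\x00\x00":
            break                        # reached tag padding
        size_bytes = data[pos + 4:pos + 8]
        # v2.4 frame sizes are syncsafe; v2.3 sizes are plain big-endian.
        size = syncsafe_to_int(size_bytes) if major == 4 else struct.unpack(">I", size_bytes)[0]
        frames.append((frame_id.decode("latin-1"), data[pos + 10:pos + 10 + size]))
        pos += 10 + size
    return frames


def scan_tag(data: bytes):
    """Return one finding per frame whose payload contains a suspicious marker."""
    findings = []
    for frame_id, payload in parse_id3v2_frames(data):
        hits = [m.decode("latin-1") for m in SUSPICIOUS_MARKERS if m in payload]
        if hits:
            findings.append({"frame": frame_id, "size": len(payload), "markers": hits})
    return findings


# --- constructed sample tags (not real files) -------------------------------

def build_frame(frame_id: str, payload: bytes, major: int = 3) -> bytes:
    size = int_to_syncsafe(len(payload)) if major == 4 else struct.pack(">I", len(payload))
    return frame_id.encode("ascii") + size + b"\x00\x00" + payload


def build_tag(frames, major: int = 3) -> bytes:
    body = b"".join(frames)
    return b"ID3" + bytes([major, 0, 0]) + int_to_syncsafe(len(body)) + body


# Text frames start with an encoding byte (0 = ISO-8859-1); COMM frames add a
# 3-byte language code and a null-terminated description before the text.
BENIGN_TAG = build_tag([
    build_frame("TIT2", b"\x00Some Song"),
    build_frame("TPE1", b"\x00Some Artist"),
])
PAYLOAD_TAG = build_tag([
    build_frame("TIT2", b"\x00Some Song"),
    build_frame("COMM", b"\x00eng\x00#!/bin/sh\necho constructed sample\n"),
])
PAYLOAD_TAG_V24 = build_tag([
    build_frame("TIT2", b"\x00Some Song", major=4),
    build_frame("COMM", b"\x00eng\x00#!/bin/sh\necho constructed sample\n", major=4),
], major=4)

if __name__ == "__main__":
    for name, tag in (("benign", BENIGN_TAG), ("payload", PAYLOAD_TAG), ("payload v2.4", PAYLOAD_TAG_V24)):
        print(name, scan_tag(tag))
```

The scan only inspects the tag prefix, so it is cheap enough to run on every file copied to a device; a frame that trips a marker is worth quarantining for a closer look rather than treating as proof of compromise, since comment frames can legitimately hold arbitrary text.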
So far there are few, if any, rogue Kindle apps. As with iOS and Android, however, once an OS is jailbroken, it's only a matter of (a very short) time before ports of existing apps or entirely new ones start circulating.
Where rogue developers go, malware writers quickly follow, though. As always, be careful what you download.
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld.