A loophole in Audible’s security is making it easy to get unlimited free audiobooks, as long as you have no moral qualms about using a fake name and credit card.
It turns out that Audible, which is owned by Amazon, doesn’t verify credit cards and user information before it allows people to start downloading audiobooks, so you can fill your iPhone with audiobooks even if you sign up for an account using an obviously fake credit card.
A teenager in India recently told Business Insider about the flaw. After seeing BI’s experiment, Gizmodo used the same technique to confirm that the loophole is still there.
First, we made a fake account:
Using a fake name, email address, and credit card number, you can sign up for any membership plan, so we chose the most expensive plan, which gives you 24 free book credits. It’s easy to buy expensive shit when you’re using completely fake information.
Audible noticed right away that the card information was shady (maybe it was the Simpsons reference or the address of “Fake Avenue” that gave it away). But it didn’t lock “Rory B. Bellows” out.
Even though you’ll get a warning, Amazon doesn’t check your credit card information until you run out of credits. Even then, once Amazon figures out your card is faulty, you can just renew your membership instead of updating the card information. That refills the credits, basically letting you download Audible’s entire catalog without paying. I accidentally tried to buy stuff using the (fake) credit card instead of the 24 credits at first, and received a notice that Amazon had to verify my information before they’d let my audiobook download start… but then I renewed my membership and was able to get the same audiobooks for free.
Obviously you should not do this! It’s stealing, even though it might feel less so because it’s online. It’s notable, though, that Amazon has left Audible’s system so insecure for so long.
I’ve asked Audible and Amazon whether they plan to fix the issue and will update when they respond. Business Insider claims Amazon has known about this since 2013. It seems like an odd thing not to fix, because it gives people a very easy way to snag free audiobooks. Almost as easy as just torrenting them. [Business Insider]
No one really likes them, but printers are actually more sophisticated than you might give them credit for. Given the right circumstances, hackers can take advantage of those guts. One recently did just that with a classic hack that never gets old: Make it run Doom.
British hacker Michael Jordon recently cracked the encryption in a Canon Pixma printer and got the machine to play the classic demon-shooter. That little display that you would usually use to tell your printer to collate or whatever is now home to Doomguy blasting hellspawn with his BFG. Jordon himself admits, “The color palette is still not quite right.” But everything else basically works.
"The printer has a 32-bit Arm processor, 10 meg of memory and even the screen is the right size," Jordon told the BBC. “I had all the bits, but it was a coding problem to get it all running together.”
The real coding problem, though, is on Canon’s end. This kind of thing should not be possible. However, Jordon noticed that Canon did a bad job securing the web portal that enables you to access your printer. How bad of a job? “The web interface has no user name or password on it,” he said. Whoops.
The problems ran deeper, too. Jordon quickly realized that if he could talk to the printer over the internet, he could also upload software to it, if he could break the machine’s encryption system. He did—pretty easily, too. Uploading Doom was just the best (and most harmless) way he could think of to show how these printers could be hijacked remotely.
Like a good white hat, Jordon informed Canon of the vulnerability earlier this year and presented his research to the UK’s 44Con hacker conference a few days ago. The company says it’s working on a patch. In the meantime, let me know if anybody can get GoldenEye to run on their printer, because that’s the only way to one up this hack. [Context via BBC]
A journey around the world, discovering lands as enchanting as they are distant: that is what American photographer Ed Freeman’s series evokes. An escape across the continents, with breathtaking views and historic monuments tinted by the last glow of the sun.
When you’re paying off a debt or reaching some other financial goal, you usually have to cut back on restaurants, movies and other fun stuff. After a while, that can get old. But working hard to reach your financial goals doesn’t mean you can’t enjoy life. You just have to find a balance.
Apple Watch, Schmapple Watch. If you grew up playing GoldenEye 007 on the Nintendo 64, the decision to strap a Moto 360 to your wrist was just made for you by a developer who’s created this amazing Android Wear watch face that looks just like the GoldenEye pause screen.
As modeled by the folks at Phandroid, the Secret Agent Watchface—as it’s called in the Google Play Store to keep the lawyers at bay—displays your real-life non-deteriorating health using the red bar on the left, and the Moto 360’s battery life using the blue bar on the right. It looks incredibly accurate to the watch Bond wore in the game, except that you’ll have to wait for future versions of the Moto 360 for your watch to shoot a deadly laser. [Phandroid via The Verge]