The security hole Yifan exploited lives in that HTML5 code. Yifan modified an mp3 file with his hack buried in the ID3 tags. Inside the tags, it exploited a bit of code that didn't terminate a tag properly, thus allowing code injection. The Kindle displays the tag information while playing the mp3, so it also executes the malicious code in the tag. Boom, device rooted.
This hack is quite simple. All it does is install a key to root the device. I'm not quite sure how Yifan got the key, though.
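Here is an added illustration of the class of bug described above (this is not code from the Null Byte post, from Yifan, or from the Kindle firmware): a "now playing" view that drops ID3 tag text straight into HTML, shown beside the escaped version. The ID3v1 layout is the real one; the sample file and the markup in its title are constructed placeholders, not the real jailbreak payload.

```javascript
// Added illustration (not code from the Null Byte post or the Kindle firmware):
// a "now playing" view that builds HTML from an mp3's ID3v1 tag.
// ID3v1 is the file's last 128 bytes: "TAG" + title(30) + artist(30) +
// album(30) + year(4) + comment(30) + genre(1); text fields are NUL-padded.

function parseId3v1(bytes) {
  if (bytes.length < 128) return null;
  const trailer = bytes.subarray(bytes.length - 128);
  const text = (off, len) =>
    String.fromCharCode(...trailer.subarray(off, off + len)).replace(/\0+$/, "");
  if (text(0, 3) !== "TAG") return null;
  return { title: text(3, 30), artist: text(33, 30), album: text(63, 30) };
}

// Vulnerable pattern: untrusted tag text is concatenated straight into markup,
// so a field containing "</span>" closes the element early and whatever follows
// is parsed as live HTML (the class of bug the post describes).
function renderNowPlayingUnsafe(tag) {
  return `<span class="title">${tag.title}</span> by <span class="artist">${tag.artist}</span>`;
}

// Hardened pattern: every untrusted field is HTML-escaped before insertion,
// so tag text can only ever appear as literal characters.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function renderNowPlayingSafe(tag) {
  return `<span class="title">${escapeHtml(tag.title)}</span> by <span class="artist">${escapeHtml(tag.artist)}</span>`;
}

// Constructed sample: a few fake frame-header bytes followed by an ID3v1 tag
// whose title carries harmless placeholder markup (not the real jailbreak payload).
function buildSampleMp3(title, artist) {
  const field = (s, len) =>
    Uint8Array.from({ length: len }, (_, i) => (i < s.length ? s.charCodeAt(i) : 0));
  const trailer = new Uint8Array(128);
  trailer.set(field("TAG", 3), 0);
  trailer.set(field(title, 30), 3);
  trailer.set(field(artist, 30), 33);
  trailer[127] = 255; // genre: unset
  const file = new Uint8Array(4 + 128);
  file.set([0xff, 0xfb, 0x90, 0x00], 0); // MPEG frame sync, stand-in for audio data
  file.set(trailer, 4);
  return file;
}

const SAMPLE = buildSampleMp3("x</span><b>injected</b>", "Nobody");
const TAG = parseId3v1(SAMPLE);
console.log(renderNowPlayingUnsafe(TAG)); // the <b> from the tag becomes a real element
console.log(renderNowPlayingSafe(TAG));   // same text, rendered inert as &lt;b&gt;...
```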
- Kindle Touch
- The will to void your Kindle's warranty
- Download the .mp3 with the exploit here.
- Connect your Kindle Touch to your computer.
- Copy the .mp3 over to the music folder on your device.
- Start up your Kindle device.
- Enable the experimental menu, and play the mp3 with it.
- Wait for the device to be rooted.
That's it. Wait for some cool exploits to come out, and Null Byte will gladly show you how to teach your Kindle Touch some new kung-fu.