CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
October 15th, 2010

Adobe’s Technology Allows iPad Users To Read Subscription-Only Publications For Free

Bugs in iPad applications used by numerous newspapers and magazines to deliver digital content to their paying subscribers, can be exploited to access it for free.

The problems were discovered by a group of Italian hackers called DarkApples and were originally reported [Google translation] in the Italian newspaper Il Post (The Post).

Adobe’s Digital Content Viewer technology, which is used by many publications, including Wired, The New Yorker, iGIZMO, Corriere della Sera or Gazzetta dello Sport, seems to be the most vulnerable one. This extremely simple exploitation method suggests that Adobe’s technology was designed with little regard for security.

According to the hackers, it’s only necessary to edit a settings file (.plist) and change an option from “no” to “yes” in order to turn a publication from purchasable to viewable. Such a modification will cause a “Download” button to appear for a subscription instead of a “Buy” one and will result in users having free access to the content.

In order to edit the .plist file, users need to connect the iPad to a computer and use freely available tools like iPhone Explorer to browse the contents of the device.

Also, while for publications offering long-term subscriptions this is a one-time hack, for others the process might need repeating when new issues are released.

“We have confirmed that it is possible for experienced users with detailed instructions to access some digital publications on the iPad that have not been purchased. We are working on a fix and expect to deliver a new version of our Digital Content Viewer to publishers on Friday, October 8,” Adobe said in a statement.

However, according to the Huffington Post, the hack was still working on Monday. Granted, this might not be Adobe’s fault, as the company only provides the technology. It’s the publishers’ job to update their individual apps and get them out to existent subscribers through whatever mechanisms they have in place for that.

Il Post reports that Adobe’s Digital Content Viewer is not the only technology vulnerable to such attacks. Others have similar bugs, but exploitation requires advanced tools and more technical knowledge.

Credit: Softpedia.com News

Share this item with others:

More on CyberInsecure:
  • Email Addresses Of More Than 114,000 iPad Owners Exposed By AT&T
  • Sony Second Data Breach Expose Over 24 Million Personal And Financial Records
  • Genworth Financial Customer Data Theft
  • High Success Rate Breaking Hotmail CAPTCHAs
  • CitySights NY Website Breached, 110,000 Memebers Credit Card Details Stolen

    • Posted in Adobe, Mobile, Software, Vulnerabilities | Print This Post Print This Post

    This entry was posted on Friday, October 15th, 2010 at 8:37 am and is filed under Adobe, Mobile, Software, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Adobe’s Technology Allows iPad Users To Read Subscription-Only Publications For Free

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »