For some reason Adobe’s Epub app seemed to be sending a lot of data to Adobe’s servers, and hacker mates of the Digital Reader have confirmed that Adobe is tracking users in the app and uploading the data to its servers.
Benjamin Daniel Mussler, the security researcher who found the security hole on Amazon.com, has also confirmed it to be true.
Adobe is gathering data on the ebooks that have been opened, which pages users read, and in what order. However, it gets worse. All of the data, including the title, publisher, and other metadata for the book, is being sent to Adobe’s server in clear text, which lets any spook, Chinese hacker or private eye hack into the stream and read it.
Just when you think Adobe could not be dumber, the outfit is not just tracking what users are doing in its own app; it is also scanning your computer and gathering the metadata from all of the ebooks sitting on your hard drive too. Once it has read every ebook, it uploads that data to Adobe’s servers too.
Nate Hoffelder, the hack who found the breach, described it as a “privacy and security breach so big that [he is] still trying to wrap my head around the technical aspects, much less the legal aspects.”
To be fair, this kind of mistake is common: lots of outfits have been caught sending data in clear text, and others have been caught scraping data without permission. LG was caught in a very similar privacy violation last November when one of its Smart TVs was shown to be uploading metadata from a user’s private files to LG’s servers in clear text.
It is probably not deliberate, just what security experts technically call “bloody stupid”.
The software has violated so many privacy laws in the US, goodness knows how many it will have broken in a civilised country like Germany, where privacy is taken more seriously. The Frankfurt Book Fair is coming up later this week. Adobe will be exhibiting at the trade show, so we guess that the Germans will be interrogating a few executives – they have ways to make you talk, apparently.