Mass Hacking of E-books 'Unprecedented Incident'... Warning Issued Two Years Ago

'Epub' App That Reads E-Book Files
2021 Survey Finds Serious Security Vulnerabilities
"Many Weaknesses... No Reason Not to Attack"

Recently, an unprecedented incident occurred where a large number of e-books were hacked and leaked from the major online bookstore Aladin. There are concerns that this could seriously harm the domestic e-book industry.


Although the exact details of the incident and the method of illegal leakage are currently under investigation, just two years ago, an international academic paper drew public attention by revealing "serious security vulnerabilities in the distribution and execution structure of e-books."


On the 30th, Aladin posted an announcement titled "Notice Regarding the Leakage of E-book Products" on its official website and apologized. Choi Woo-kyung, CEO of Aladin, stated, "We deeply apologize to publishers and authors," adding, "It has been confirmed that Aladin's e-book products were leaked, and we are currently identifying the exact circumstances and the scale of the damage."


E-book. The photo is not related to any specific expression in the article. [Image source=Yonhap News]

According to CEO Choi, this incident involves the illegal theft of e-book products. After becoming aware of it, Aladin reportedly notified the Cyber Investigation Division of the National Police Agency and the Korea Copyright Protection Agency.


The incident began with a post by a netizen on the online community "DC Inside" on the 18th. According to the post, an 18-gigabyte (GB) file containing leaked Aladin e-books was uploaded to a private social networking service (SNS) chat room that day. In terms of volume, this corresponds to about 1,000 books.


The person who posted the leaked files is a hacker using the ID "A.Exploit," who claimed to possess approximately 850,000 e-book files totaling 17 terabytes (TB). He is demanding 100 bitcoins (BTC, approximately 3.5 billion KRW) as ransom for returning the stolen files.


It is not specifically known how the hacker stole Aladin's e-books. However, circumstantial evidence suggests the use of an "exploit" technique. An exploit is a hacking method that takes advantage of bugs, security vulnerabilities, or design flaws in computer software or hardware.


This is the first major hacking incident in the e-book market. However, warnings about security vulnerabilities in the e-book ecosystem have been raised repeatedly in the past. A representative example is the "Black Hat Europe" conference held in London, UK, in 2021. The Black Hat conference is an annual event where research results and the latest trends related to security vulnerabilities are shared.


That year, two Belgian doctoral candidates attracted attention by publishing a report on security vulnerabilities in e-book software. The software they pointed out was "ePub." ePub refers to e-book readers, that is, software that allows e-book files to be downloaded and run on computers, tablets, smartphones, and other devices.


The security vulnerability issue of 'EPUB,' the core software for distributing and reading e-book files, has long been discussed. [Image source=Black Hat Europe Conference]

Today, most e-book companies develop their own ePub applications (apps) and provide them to customers. Amazon's Kindle, Apple's Apple Books, and Google Chrome Books are representative examples. Aladin also has its own ePub called "Aladin E-book Viewer."


However, after analyzing 97 ePub software programs directly, the researchers found that half of all applications did not even comply with basic security recommendations. If they wished, hackers could distribute e-books embedded with malicious code within the ePub or even extract information from other people's ePub files.


So why had there been no major hacking incidents in the vulnerable e-book industry until recently? Ironically, the reason is that "hackers had not paid attention to the security vulnerabilities of ePub until now."


However, the researchers warned at the time, "With so many vulnerabilities in ePub, there is no reason for attackers not to exploit them," adding, "Especially considering that the devices where ePub apps are installed are smartphones and tablets that store large amounts of data."


Aladin is cooperating with investigative authorities to monitor signs of illegal distribution of the stolen files and is making every effort to resolve the situation. However, due to the nature of e-books, which can be rapidly distributed over the internet, there are concerns that if the situation is not resolved quickly, it could cause enormous damage to the e-book industry.


The Korea Publishers Association issued a statement on the 30th, saying, "(The leaked) e-books will haunt the market like ghosts for decades to come, and their value as products will be virtually lost," urging, "Due to the nature of digital content, the speed of resolving the incident is critical. We demand that Aladin put all its efforts into early resolution of this crisis."


The association also added, "We hope e-book distributors sincerely accept the demands of the publishing industry and work to alleviate the anxiety spreading throughout the industry."


© The Asia Business Daily(www.asiae.co.kr). All rights reserved.

