Kindle Fire NTP: Timing Channel Attack

I’ve completely offloaded remembering my appointments to the Kindle Fire, which now lives in the right thigh pocket of my cargo pants (it’s a sartorial thing). While waiting for a meeting (which it had correctly reminded me of) to start, I did my usual “What do we find in the way of open WiFi networks?” scan, found one, and connected to it. Unfortunately, it was one of those open WiFi networks that subsequently requires a password, but … then I noticed something odd with the time displayed at the top of the screen.

A bit of tapping produced the Date & Time settings screen:

Kindle Fire - 0503 1 Jan 1970

Kindle Fire – 0503 1 Jan 1970

Evidently, that not-exactly-open WiFi network also features a defunct time server that’s happy to clobber any device asking for a time update. As you might expect, snapping back forty years does horrible things to many Kindle fire apps. The crash handler can only suggest re-downloading the app from the online store, which turns out to not be necessary after a complete shutdown / reboot.

Ah, if I knew then what I know now… I’d certainly get into much more trouble. Not surprisingly, there’s a book about that; maybe it’s better not to know how things will work out.

Memo to Self: watch the time!

About these ads

  1. #1 by Bill Rutiser on 2012-11-23 - 08:32

    Even the best time servers can’t be trusted …

    https://isc.sans.edu/diary.html?n&storyid=14548

    • #2 by Ed on 2012-11-23 - 13:02

      Ouch!