Skip to main content

Does Audible Have a Security Loophole? Not That I Could Find

screen_shot_2014-09-15_at_11_34_09[1]Business Insider has a story up this morning which has me scratching my head.

They’re reporting that Audible, Amazon’s audiobook sub, has a security problem.  According to BI’s source,  Audible supposedly doesn’t check credit cards when you sign up for a prescription but instead checks when you use the first credit/

I have issues with this report:

In a video provided to Business Insider, Alan Joseph, a 19-year-old computer science student from Bangalore, India, demonstrated the loophole. Business Insider was able to replicate the technique used by Joseph to download audio books for free.

Using a fake name, fake email address and a fake credit card, users are able to create an account on Audible, and purchase any member program. Business Insider was able to purchase the most expensive membership program, a $229 24-book "Platinum Annual Membership," using fake credit card information.

After the membership is applied to an account, users are given a number of credits to purchase books as part of the membership. Despite using randomized fake card details, the credits are still applied to accounts.

Amazon only checks the credit card information after a user "buys" an audio book using a credit gained from a membership program purchased using a fake credit card.

I would like to disbelieve this report as simply being too implausible, but to be honest I have seen similar mistakes with other retailers, including one which allowed me to continue to buy  and download ebooks after I cancelled a subscription.

Furthermore, it appears Amazon has patched that security hole. I tried and failed to replicate the loophole mentioned in the Business Insider article, and Amazon refused to accept the fake credit card number I used for the fake account  (which is exactly what should have happened).

So even if this story was true when BI posted it, it is no longer true. Or at the very least, I cannot confirm the accuracy of the story.

Similar Articles


Comments


Your Amazon Account Can be Hacked via a Kindle eBook – The Digital Reader September 15, 2014 um 1:21 pm

[…] might not have a security issue at Audible but they do have one on their main […]


puzzled September 15, 2014 um 4:24 pm

Was your fake credit card number properly formed? CC numbers have a check digit.

Nate Hoffelder September 15, 2014 um 4:55 pm

Maybe not, but I don’t know how to tell.

But I think you just showed its not as simple as they made it soumd.


Write a Comment