EPUB is an e-book file format with the extension .epub that can be downloaded and read on devices such as smartphones, tablets, computers or e-readers. EPUB format is mainly based on XHTML and CSS (Cascading Style Sheets) to build e-books, and navigation engines are often used to render their content. However, this gives e-book reading systems similar vulnerabilities to web browsers which is concerning.
According to a research paper (PDF) by Gertjan Franken, Tom Van Goethem, and Wouter Joosen of the imec-DistriNet research group, almost none of the JavaScript-compliant reading systems they analyzed adhered correctly to the safety recommendations of the EPUB specification. . Using a semi-automated benchmark, available on GitHub, the researchers found that 16 of the 97 systems examined allowed an EPUB to leak information about the user’s file system and, in eight cases, extract the contents of the file.
Attackers, they warn, could achieve full compromise of a user’s system by exploiting specific aspects of the read systems implementation. “Of course, the importance depends on the platform that is used, e-readers generally do not contain confidential files but, the thing changes with smartphones as they can contain private images of users.
One thing we can keep in mind in this little hint is that compared to PDF and other formats, attackers rarely use epub. If you want to detect suspicious content (i.e. JavaScript) manually, you can start with any hex editor and then you can write your own yara rules if necessary. Of course, if JavaScript is present, that doesn’t mean it has to be malicious, but it can be a topic of investigation.
Check also:
What should we know about security with JavaScript
PDF Files, Why They Are So Dangerous?
