+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

A Loophole In Audible Allows Anyone To Download Unlimited Audio Books For Free

Sep 15, 2014, 17:01 IST

Nick Carter/Flickr

A teenager in India has discovered a major loophole in Amazon-owned audio book retailer Audible that allows anyone to download an unlimited amount of audio books for free.

Advertisement

Security flaws in Audible mean the site doesn't wait to authenticate credit card payments before allowing users to purchase books, meaning that anyone can provide the site with fake information and download an unlimited amount of audio books.

In a video provided to Business Insider, Alan Joseph, a 19-year-old computer science student from Bangalore, India, demonstrated the loophole. Business Insider was able to replicate the technique used by Joseph to download audio books for free.

Business Insider alerted Audible to the flaw but the company declined to comment immediately. We will update this story if the company has a statement in the future.

Using a fake name, fake email address and a fake credit card, users are able to create an account on Audible, and purchase any member program. Business Insider was able to purchase the most expensive membership program, a $229 24-book "Platinum Annual Membership," using fake credit card information.

Advertisement

Audible

After the membership is applied to an account, users are given a number of credits to purchase books as part of the membership. Despite using randomized fake card details, the credits are still applied to accounts.

Audible

Amazon only checks the credit card information after a user "buys" an audio book using a credit gained from a membership program purchased using a fake credit card.

Audible

Advertisement

But the warning that Amazon displays after attempting to verify the payment is easily avoided. All users need to do is renew their membership using the fake card information and they have more credits to buy audio books with.

Audible

Emails shown to Business Insider reveal that Amazon and Audible were first made aware of the exploit in March 2013, yet haven't responded to repeated warnings about the loophole.

If Audible checked credit card information before providing accounts with book credits, then the loophole wouldn't work. But the site has a relaxed approach to security, allowing users to sign up with fake email addresses and purchase items without so much as verifying the email address used.

Disclosure: Jeff Bezos is an investor in Business Insider through his personal investment company Bezos Expeditions.
You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article