Amazon Kindle is my revered ebook reader, just as it is for many others. Amazon gives a $20 discount to subsidize the cost of a Kindle with a catch. That special offer includes an agreement to let Amazon appear on the lock screen and at the bottom of the home screen.

You need to pay Amazon to have those ads removed. The homebrew community’s every attempt to blow up the device was met with a firmware update that further locked it down. However, the homebrew community at MobileReads still managed to get in. No secret keys or hardware exploits were involved. It was Amazon's own ads that revealed a security hold to let you jailbreak it.

Subsidized Kindle’s irony called "Special Offers"

Cost of convenience

Let’s be honest: We’ve all considered buying the Kindle model with “Special Offers,” which shows ads on the lock screen. You’d expect to see the current book you’re reading, but instead get an ad for another book. That’s the cost of an Amazon-discounted Kindle.

Whenever you connect your Kindle to Wi-Fi, Amazon’s servers dynamically deliver those ads to the Kindle’s home screen. The idea was to sell you ebooks with sponsored content.

Want to remove those ads? There’s no toggle or option to turn them off. You’ll need to pay Amazon back the discount to remove those ads.

Meanwhile, the enthusiastic homebrew community at MobileReads found a hole in Amazon’s ad system, broke in, and devised a way to jailbreak it.

How Ads on Kindle left the door open

The exploit that led to jailbreak

Amazon’s Kindle runs a stripped-down Linux. It uses a WebKit-based browser engine to display sponsored content as “Special Offers” from Amazon’s servers. Periodically, the Kindle requests a new ad from Amazon’s server to receive a payload that gets rendered on the device.

However, the ad delivery mechanism lacks sufficient sandboxing. The community researchers found a way to feed a “malformed” ad containing code that triggers a bug to cause a buffer overflow in the WebKit engine. That crashes the internal browser, and the exploit runs a script to gain root access.

If your Kindle doesn’t have Special Offers, you’ll need to enable them for the jailbreak to run.

After that, install the MRPI (Mobile Read Package Installer) and KUAL (Kindle Unified Application Launcher) to manage apps and books. Follow the walkthrough KindleModding offers to achieve that.

The only caveat is that the jailbreak voids your Kindle’s warranty. Also, you need to disable automatic firmware updates on the Kindle, as it can block the hole and remove the jailbreak.

Things you can explore post the jailbreak

Jazz up your Kindle

When jailbreak opens Kindle to a world of possibilities, several are worth exploring. For starters, KUAL lets you install KOReader, which offers a better ebook reader that can handle PDFs with grace. Besides, you get granular control over the typography, document layer, contrast, gestures, and more.

You can add custom screensavers — make one or use existing ones from the community. Personalizing Kindle takes it a step further, letting you add a font of your choice without painful workarounds.

For tinkerers, getting SSH access can be a good start for controlling and managing a few projects to turn it into a productivity device. You can always use the jailbroken Kindle as a Home Assistant Companion or install Tailscale on it to include it on your network of devices. That’s just a glimpse of a rabbit hole for you to explore.

A firmware update can block the jailbreak

Amazon does it all the time

​Tightly packed firmware updates make it difficult for the homebrew community to make way for their apps. Amazon can release an OTA update that quietly arrives on your Kindle and disables the security hole that allows jailbreaking.

It won’t be the first time Amazon blocks a security hole that can be exploited to jailbreak its locked-down ebook reader. For now, the only solution is to disable automatic updates on Kindle.

Meanwhile, Amazon’s struggle to patch the WebKit engine continues, as a rushed fix could break the ad-delivery system on millions of Kindles. Amazon is already facing heat for disabling the direct download and transfer of digital books you already own via USB to a computer.

Software ownership needs to follow hardware

Even after paying through your nose for a Kindle model, you don’t even own those ebooks. At most, you need to be able to run different apps and software on the Kindle. If your old Kindle is eating dust in the drawer, take it out and charge it. First, enable Airplane mode on it to disable automatic updates, and check its firmware version.

Whether your Kindle model was bought with “Special Offers” or not, there’s a good chance you can jailbreak your Kindle. After that, you can explore KOReader to read ebooks and several other apps you can try out using KUAL and MRPI.