Apple neglects to secure streaming album previews

Periodically, albums become available for live streaming on iTunes prior to their official release date. The hope is that not only do consumers get a chance to hear the album before buying it, but also that by offering a free and legal way to listen to the album before it’s available, there will be less motivation for eager fans to pirate leaked albums. With unreleased albums from Daft Punk and The National currently streaming on iTunes, 9to5Mac has discovered that the streams are being left completely unprotected, offering an easy way for pirates to get high-quality cuts of the albums before they’re officially released.

With traffic-sniffing tools (such as Charles Proxy or HTTP Scoop), anybody can monitor their traffic while streaming the album, which reveals the URL of the M4P media file being streamed. Using this URL, users can easily save the album to their computer for future listening. While it’s true somebody could also just record the stream from their computer as they listen to it, that recording would lose some of the quality. Downloading the stream directly offers a crisp 256 kbps AAC recording. It’s also true that rather than ending up with individual tracks that a listener can easily navigate through, you’re stuck with a single file that contains the whole album. You could split the album up into separate tracks yourself (though first you’d have to get around the DRM), but at that point it would be less effort for most people to just go pirate the album elsewhere. In fact, an illegal download of Daft Punk’s Random Access Memories currently available on a popular torrent site appears to have come from the iTunes M4P stream.

Admittedly, even if the streams were protected, piracy would still be happening. There are some people who just don’t want to pay for music. However, Apple is handing these albums to pirates on a silver platter by offering up unprotected, high-quality streams like this ahead of their release dates. Ironically, Apple has documentation available for developers that covers how to encrypt HTTP audio and video streams to protect against this sort of thing.

Source: 9to5Mac

Nick Arnott

Security editor, breaker of things, and caffeine savant. QA at Double Encore. Writes on neglectedpotential.com about QA & security, and as @noir on Twitter about nothing in particular.


There are 3 comments.

SockRolid says:

Re: "Using this URL, users can easily save the album to their computer for future listening."

Trivial for true geeks.
Incomprehensible to the vast music-consuming public.
(Whether or not they call themselves geeks.)

offdahglass says:

I only like the first track on it anyways. No biggie.

Dev from tipb says:

1) Trivial for many hs and college age kids who make up a significant chunk of purchases, and who are most likely to seed torrents, where it becomes trivial for a much larger number.

2) You have a low bar for security if you find these non-measures adequate simply because a completely non-technical user would not stumble upon a URL