toggle

AAPL Stock: 112.34 ( + 4.62 )

Printed from http://www.macnn.com

Spotify web player exploited for free downloads by Chrome extension

updated 11:01 am EDT, Wed May 8, 2013

Weak security resulted in DRM-free MP3 file downloads

A vulnerability found in Spotify's web player has been exploited, allowing users to download permanent copies of songs from the service. A Chrome extension by the name of Downloadify used the exploit to download MP3 files that were free of DRM, rather than just stream them, something which Spotify has been quick to rectify.

The Chrome extension, found by Tweakers, downloaded the track at the same time as streaming the song, taking advantage of the fact that the web-based client uses an HTML5-based API to play the music, and that the same songs being streamed were DRM free. The author of the extension reportedly commented that the hack required very little in the way of Javascript coding in order to accomplish, and that one possible solution for Spotify would be to supply a corrupt MP3 file and allow the client to fix the errors while playing it.

Google has been swift to remove Downloadify from the Chrome Web Store, but the code continues to be available to download in locations such as Github. Downloadify creator Robin Aldenhoven told The Verge that since Spotify has added a more secure protocol to its web player, the extension no longer works, and would not be updating the project again.




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

Blue Yeti Studio

Despite being very familiar with Blue Microphones' lower-end products -- we've long recommended the company's Snowball line of mics ...

ZTE Spro 2 Smart Projector

Home theaters are becoming more and more accessible these days, but maybe you've been a bit wary about buying a home projector. And h ...

MSI Geforce GTX 970 100ME

When Nvidia announced a new line of video cards in September 2014, many people thought things would continue to be business as usual i ...

toggle

Most Commented