Spotify DRM Hole Exploited by MP3-Ripping Chrome Extension

image

A Chrome browser extension that lets anyone rip music from Spotify at the click of a mouse has exposed a flaw in the security of Spotify’s library.

Spotted by Dutch site Tweakers, Downloadify takes advantage of an apparent oversight in Spotify’s music library. When using Spotify’s web player, Downloadify lets users with a paid subscription click on any song and rip it as a DRM-free MP3 to their computer.

The normal Spotify application encrypts the music that it streams, so it looks like this comes down to an oversight of some kind on Spotify’s part. When contacted for comment, Spotify told Wired.co.uk: “We are aware of the issue and are currently working on a fix.” (The exploit was patched after this article was published on Wired UK.)

Meanwhile, Google has taken the plugin down from the Chrome Web Store only a day after its May 7 launch, but, as The Verge has noted, it’s still readily available to download from Github as of the time of writing.

Several sites do exist purely to point out that you can “rip” music from Spotify quite easily by just recording from the audio out jack (or a tape deck held up to the speakers, if you want to do it old school), but any user that does anything to make “copying, reproducing, ‘ripping,’ recording” is explicitly forbidden by Spotify’s Terms and Conditions.

Via: Ars Technica

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s