DRM Watch
 The Leading Resource For Digital Rights Management

DVD Hacker Turns to iTunes
November 25, 2003
By Bill Rosenblatt

Jon Johansen, the Norwegian programmer who created the DeCSS hack to the copy protection scheme used in DVDs, has created software that undermines the FairPlay DRM scheme used in the Windows version of Apple's iTunes service. The code he posted on his website, a program called QTFairUse, is a patch to the drivers for Apple's QuickTime file format, on which the FairPlay system is based.

QTFairUse is not a canned application that creates clear copies of iTunes music tracks; instead, it is a program that dumps the unprotected audio data from QuickTime's temporary memory in MPEG4 AAC format. This means that would-be infringers must do more work to get the data into a playable format, and already a few people have succeeded in getting the data into shape so that certain MPEG4 players can play it.

QTFairUse does not actually break the encryption used in FairPlay; therefore it would probably not be liable under DMCA 1201 or any European equivalents based on the European Copyright Directive. Instead, QTFairUse exploits a weakness in FairPlay that leaves the data vulnerable to exposure after it has been decrypted.

This latest action yet again proves two of our basic theorems about DRM. The first is that the likelihood of a DRM scheme being hacked is directly proportional to its popularity. There are three reasons for this. First, and most obvious, the more popular a DRM-enabled format is, the more interest it is likely to attract among hackers seeking nefarious glory. Second, as any cryptographer knows, there is no way to test the true strength of an encryption scheme in the lab - it can only be tested in the real world. QTFairUse is a classic example of this, because it does not depend on cracking the actual encryption scheme at all. Third, and more subtle, DRM schemes that reach mass-market deployment are likely to have corners cut in their designs in the interest of lowering unit cost. As Johansen taught us, the CSS DRM scheme is the canonical example of this phenomenon.

At this point, there is not a single popular DRM format that has not been hacked. The corollary to this first theorem is its converse: if a DRM scheme has not been hacked, that implies that it is not popular.

On the other hand, the second theorem that QTFairUse proves is that just because someone has hacked a DRM scheme, that does not mean that all content protected in that scheme is now somehow freely available to everyone. QTFairUse is (at least) the third and certainly the most potentially dangerous hack to iTunes published to date. Even if - as seems inevitable - someone creates a canned program that uses QTFairUse to create clear copies of iTunes files, that program must be downloaded and used. Furthermore, Apple can mitigate the damage by releasing an update to its QuickTime software that plugs the hole that Johansen exploited.
