Windows Phone 7 Marketplace DRM cracked


The digital rights management (DRM) security used by Microsoft to protect apps in its Windows Phone 7 Marketplace has been cracked, enthusiast blog WPCentral reports. Though the technology needed to do so is not yet in the hands of the general public, the DRM protecting paid applications can now easily be stripped off of apps. If details of the vulnerability used to achieve the DRM crack are made available to the public, unscrupulous programmers could use the exploit to develop software that allows users to steal applications and deploy them to Windows Phone 7 devices. Microsoft has not publicly responded to the security hole, though WPCentral claims the company has been made aware of the issue. Hit the break to see Microsoft’s Windows Phone 7 Marketplace security being manhandled in a proof-of-concept video demonstration.


12 Comments
  • Anonymous

    +1 for MS, WP7, and the Dev

  • Chris

    Interesting how this news comes up after the news of the fast growth of the app marketplace…scare tactic.

  • Anonymous

    So you show it off and refuse to release and notify Microsoft, what good Boy Scouts

  • kyle

    Aaaaaaaaaaaaaaaaaaaaaaaaand there go all the WP7 devs

  • http://twitter.com/gnomehole The Gnome

    And I just received an email from our Microsoft rep warning us about the horrible Apple lawsuit that hit the news recently (which has no impact on our company at all, they are just scrambling to make a point)

    Microsoft… don’t think they should be first to throw stones when it comes to vulnerabilities, security holes, and the like.

    Too bad, I’d pick a Win7 phone before I’d pick an Android phone… it’s just the word Microsoft being attached to it makes me shudder.

  • Anonymous

    that’s kinda like having a free pass to the city dump isn’t it?

  • http://ryanb.pip.verisignlabs.com/ Ryan Beesley

    We HEARD that they’ve cracked the DRM, we don’t SEE that in the video. I guess we’ll see what Microsoft’s reaction is to this. From what I’ve seen, this just looks like a side-loader.

    • http://www.wpcentral.com Daniel Rubino

      Hi Ryan, Daniel Rubino, original poster here–

      It’s not just a side loader, though I can see how it would look like that. The program in fact strips a line of code out from each and every app that removes the “security”, enabling all features of the app and “cracking” it. Anyone familiar with the Marketplace and XAP files will tell you that the security is barely existent. All this app does is combine everything into 1 step: find app, download XAP, remove security, side load.

      • http://ryanb.pip.verisignlabs.com/ Ryan Beesley

        I see, so really, if you have access to the .XAP you have access to the world.

        That seems like a significant oversight on Microsoft’s part if that’s the case. In fact, I’d hardly call this DRM then. It seems more like making their Market “secure” was a last minute consideration.

        I thought perhaps it was based on the same elliptic curve DRM used for WMA. Something that is provisioned for a device and encrypted would be significantly more difficult to circumvent. Of course that doesn’t mean it would be impossible to crack on a device, but it does mean that it would probably be more trouble than it’s worth to discover the keys to unlock. I’m surprised Microsoft has even bothered to suggest this is secure.

        Android doesn’t exactly improve on this either. The closest Android developers have to DRM is a license check system that was recently added. It is also similarly bypassed. At least with Android they don’t suggest that it is a DRM technique.

  • Anonymous

    Just from the video, it looks like the same vulnerability as iTunes had years ago: DRM is applied by the program downloading the app instead of by the store. It looks like they’re going to the store directly in the video, just like DVDjon was going directly to the iTunes store (not using iTunes).

  • Edward Williams

    Security is a concept…not a reality. There is no such thing as something being secure. Haven’t we learned that yet? The idea is to keep away the honest thieves.

  • petepel

    Windows is what I call ‘crap-ware’. Stuff that is given away free (or forced on unsuspecting consumers (like ‘Bing’ (a substandard search engine), Messenger, Windows Live, etc.)). They are like adware and spyware. Windows is a ‘virus carrier’ (maybe designed that way on purpose). Even their ‘firewall’ is only ‘one-way’ (useless and purposely designed so). Some OS’s like certain versions of UNIX have never had a substantial virus infiltration (almost 1 time, but didn’t cause any harm). The Chinese computer attack showed how worthless our Microsoft based system is. It needs to be replaced; it’s ‘crap’, simple as that. After my Vista ‘rip-off’ experience I ended my ‘relationship’ with ‘Mr Softy’. My advice: stay away from any product associated with Microsoft, whatever it is.
