http://www.newscientist.com/news/news.jsp?id=ns99996282&lpos=home1 Will Knight 13 August 04 NewScientist.com news service Apple's wireless streaming technology for iTunes has been cracked to allow it support non-Apple software platforms. Norwegian computer programmer Jon Johansen released a program called JusteForte that defeats the encryption used on Apple's Airport Express on Thursday. Johansen was made famous in 1999 for breaking the encryption used in software called CSS that prevented DVD copying. Airport Express is a small base station that wirelessly connects a computer to the internet or to a local network. It also has an audio socket that can be used to link a computer to a conventional stereo or pair of speakers. This allows music stored digitally to be played remotely. Until now, however, this feature has only been compatible with Apple computers and an add-on for Apple's iTunes audio software called AirTunes. Encryption algorithms Johansen figured out the secret encryption key used to secure the wireless link between a computer and an Airport Express base station and lock other systems out. His program, JusteForte, uses this key to send MP4 digital audio files from a Windows computer to an Airport Express base station. Johansen has also published the encryption key online, opening the way others to design software that can access the base stations. He says Airport Express uses a combination of two encryption algorithms AES and RSA. But precisely how Johansen succeeded in cracking the key is unclear. Cryptographic algorithms encode information by jumbling it up using mathematical formulas and a key consisting of a string of characters. Both algorithms have stood up to extensive testing, so Johansen is likely to have found a weakness in the way these algorithms are implemented rather than the algorithms themselves. "There are lots of ways to break an encryption system," says Bruce Schneier, a renowned cryptography expert. "The lesson is that it's hard to do." Software update Schneier told New Scientist Apple could change the key Airport Express uses via a software update, but that Johansen would probably be able to obtain the new key using the same undisclosed method. Schneier also defends Johansen's actions explaining that he is it is important to test the security of any system. "It's interesting science," he says. "He does it because that's how you learn and we are more secure because he does it." Apple declined to make any comment when contacted by New Scientist. In 1999 Johansen co-authored a program called DeCSS, which defeats DVD encryption, making it possible to play DVDs on any computer and copy movies. He was accused of enabling copyright infringement and taken to court in Norway but acquitted following two court cases that took place in December 2003 and January 2004. Apple has been beset by assaults against its proprietary music technology. Johansen has released two other programs designed to defeat the copy controls implemented by iTunes, called Fairplay and FairKeys. And, In July 2004, competitor RealNetworks developed a way for songs bought through its Harmony music service to play on iPods. Apple designed the iPod to play only songs bought through the iTunes store, as well as those created by users themselves. _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Fri Aug 13 2004 - 11:41:53 PDT