This page contains information on security issues, vulnerabilities, flaws, hacks and cracks in DRM (Digital Rights Management) software systems and hardware product solutions.
Reports appear stating that Adobe DRM, in its eBook software “Digital Editions”, monitors user behavior, tracks usage and location, and then sends the data over the Internet unencrypted.
Despite the hype of using cloud document services like Dropbox, Google Drive, and Onedrive to store and share documents securely, they all have one common flaw – attackers can access user’s files without requiring a password. All of these services rely on a password token which once obtained (say through a common phishing attack or a drive-by exploit) can be used indefinately – even if a user changes their password they cannot lock the attacker out.
Some Cloud DRM services, such as FileCloud, allow users to download DRM-protected files. However, they expose the decryption key to the user, who can easily share it. See Is FileCloud Safe? for more information on its security issues.
The popular Firefox browser now comes with DRM support by default, but since the technology is proprietary to Adobe it can’t be monitored or controlled in an appropriate manner. Thus, it’s wrapped in a “sandbox” inside Firefox so as to, hopefully, not interfere with the rest of the browser.
Two companies are offering pirated apps free of Apple’s DRM and iTunes. Both InstaSign and Zeusmos are applications that allow you to install cracked applications on your iDevice without jailbreaking.
It’s now possible to remove the DRM from epub ebooks bought in Apple’s iBooks store. ‘Brahms’ has recently released a new version, 3.3, of his Requiem software, which has been able to remove DRM from music and videos bought in the iTunes Music Store for a long time. This new version can also remove the DRM from Apple’s epub format ebooks.
Apple’s DRM has been readily broken for the iPhone, iPod and iPad, and Mac App Store with support for jailbroken devices and an increased availability of cracked apps across the Web.
Unprotected debugging functionality in Intel’s CPU enables attackers to expose root encryption keys for Platform Trust Technology (PPT) and Enhanced Privacy ID (EPID). The vulnerability activates test or debug logic at runtime, allowing an unauthenticated attacker to escalate privileges through physical access.
Attackers can extract root encryption key to gain access to and copy DRM-protected digital content such as eBooks, and bypass BitLocker and trusted platform modules (TPM) security protection to circumvent code-signing restrictions and run compromised firmware in the Intel Management Engine.
German researchers have cracked Intel’s encryption protocol using a man-in-the-middle attack, capturing the encrypted data streams, decrypting them using a $200 piece of hardware, and then sending the decrypted output to another device.
Intel have had their DRM system for high definition video content cracked. A hacker has released a master key which renders the DRM protection unusable since it allows anyone to create their own source and sink keys to unprotect content.
Scripts have been released that can remove the DRM from a number of ebook formats, including the new Kindle KPR format, Nook, Mobipocket, eReader (the really old format), Epub, and PDF. The Kindle KPR format is a PDF file wrapped in a different file format.
SnowBreeze is a jailbreak app for the iPhone that also enables users to open and read DRM protected ibooks using the ibooks app without purchasing them.
The Calibre ebook management system has had its DRM cracked by allowing plug-ins to be loaded to circumvent the DRM. It is well published that the use of plug-ins are insecure so you have to wonder why they have been allowed to load in the first place.
The DRM crack enables ebooks published in Amazon’s proprietary format to be displayed on competing readers without any DRM controls.
The Barnes & Noble Desktop Reader application (BDReader) uses a modified Adobe Adept scheme, and stores decryption keys in plain text in a sqlite database, thus proving to be an easy attack.
Windows Phone 7 DRM cracked hours after its release
Microsoft has been the latest victim of an attack on their DRM for Windows Phone 7. App piracy however has been a mounting problem on smartphones, even with copy protection in place. Android has been affected so badly by piracy that developers have argued that it’s impossible to sell paid apps on Google’s OS due both to a lack of effective protection and the ease of developing cracks.
Microsoft’s DRM Library (msnetobj.dll) is susceptible to three different types of attacks: denial of service, buffer overflow, and integer overflow. Users can be attacked when they visit a malicious web site enabling code to be run that takes control of your computer.
This paper analyses the true cost of DRM when employed at the OS level to protect content. It covers the effectiveness of DRM when applied to protect video and audio content.
Windows Vista DRM cracked
The crack allows protected video and audio content to be played without any DRM enforcement.
The program, entitled FairUse4WM (Fair Use for Windows Media) requires that the user already owns media files that have been purchased before it will make them DRM free.