Hackers crack Apple, Microsoft music codes

In the past month, separate programs have emerged to strip away the digital rights management (DRM) tools that the two technology giants use to protect music from unauthorized duplication. One of the programs counteracts Microsoft's Windows Media DRM, while the other targets Apple's FairPlay.

Both companies have long dealt with hackers finding a way to circumvent their content protections. To maintain the confidence of the record labels and other content providers, the tech giants have to scramble to close the holes. But even though they have largely been able to do so, the fixes tend to be temporary as new holes are found.

"This is not terribly unusual," said Gartner analyst Michael McGuire. "I don't think it is a weekly occurrence, but it happens."

In the Microsoft case, a program called FairUse4WM cropped up in a forum on Aug. 19. It offers a rather straightforward means to remove the DRM technology used by music download and subscription sites that use Windows Media Player 10 and Windows Media Player 11 encoding.

Microsoft worked quickly to patch the hole, offering an update this week to those that license its technology.

"Microsoft is aware that a tool recently surfaced that circumvents Windows Media Digital Rights Management technology--breaking the content protection that our content partners apply to their intellectual property such as music or video content," Microsoft senior product manager Marcus Matthias said in a statement. "Fortunately, the Windows Media DRM system has built-in renewability, we have an update to address the circumvention, and are working with our partners to deploy this solution."

On the Apple side this week, a program called QTFairUse6 emerged that uses iTunes itself to do some of the decoding work. In that case, though, a fair bit of programming work is required to remove the content restrictions.

Apple has yet to issue an update to its software and an Apple representative declined to comment on the matter.

Although Microsoft has already created a fix to close its DRM hole, it is up to individual music services to implement the patch.

"We immediately updated our service," a Napster representative said. A RealNetworks representative said the company was "in the process of implementing the patch," but declined to say how long the update would take. Representatives for Yahoo and MTV Networks did not return calls seeking comment.

Both Apple and Microsoft have been dealing with cracks in their armor for some time. In November 2003, Norwegian programmer Jon Johansen posted a program called QTFairUse that helped evade FairPlay's copy protection restrictions. Other programs emerged that tried to expand Apple's abilities to stream music over a local network into a means of actually swapping files.

Microsoft has also had to deal with many similar incidents, since at least as far back as 1999.

When it comes to patching holes, the two companies have somewhat different approaches. Apple typically issues updates to the iTunes software itself, often adding in other features in addition to security-related changes. Microsoft, meanwhile, typically offers patches just to the DRM technology, meaning that those who use its technology can patch their software and services without having to upgrade their entire program. Such was the case with the patch Microsoft issued this week.

"Microsoft has long stated that no DRM system is impervious to circumvention--a position our content partners are aware of as well," Matthias said. "That is why we designed the Windows Media DRM system to be renewable, so that if such events occur, the system can be refreshed to address them."

Gartner analyst McGuire said both approaches can work. The key is that the updates--however they are handled--should not become so onerous that users become frustrated and leery of digital music.

"There is a risk that people kind of throw up their hands," he said.