Spotify Web Player Compromised By Chrome Extension


Spotify

A security vulnerability has caused Spotify’s web player to be compromised by a Chrome extension called Downloadify.

The exploited vulnerability allows users to download permanent copies of songs from the streaming music service, reports Electronista. Most content on Spotify is DRM-protected, but the Chrome extension Downloadify exploits MP3 files that are free of DRM.

The Chrome extension, originally discovered by Tweakers, downloads an MP3 of the selected track while it’s streaming, taking advantage of Spotify’s HTML5-based API. Downloadify’s author reportedly commented that the hack didn’t require much in terms of Javascript coding to accomplish an MP3 download, and that Spotify could supply a corrupted MP3 file allowing the client to fix the errors while playing it.

Google and Spotify were quick to intervene, removing Downloadify from Chrome’s Web Store, but you can still get the code on Github. Despite this, Robin Aldenhoven, Downloadify’s creator, told The Verge that the extension doesn’t work anymore in light of Spotify’s tighter security protocols, and that the extension wouldn’t be updated to circumvent the new settings.

Do you use Spotify? Did you take advantage of Downloadify while it was active?


Kokou Adzo

Kokou Adzo is a seasoned professional with a strong background in growth strategies and editorial responsibilities. Kokou has been instrumental in driving companies' expansion and fortifying their market presence. His academic credentials underscore his expertise; having studied Communication at the UniversitĂ  degli Studi di Siena (Italy), he later honed his skills in growth hacking at the Growth Tribe Academy (Amsterdam).

0 Comments

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.