A security vulnerability has caused Spotify’s web player to be compromised by a Chrome extension called Downloadify.
The exploited vulnerability allows users to download permanent copies of songs from the streaming music service, reports Electronista. Most content on Spotify is DRM-protected, but the Chrome extension Downloadify exploits MP3 files that are free of DRM.
The Chrome extension, originally discovered by Tweakers, downloads an MP3 of the selected track while it’s streaming, taking advantage of Spotify’s HTML5-based API. Downloadify’s author reportedly commented that the hack didn’t require much in terms of Javascript coding to accomplish an MP3 download, and that Spotify could supply a corrupted MP3 file allowing the client to fix the errors while playing it.
Google and Spotify were quick to intervene, removing Downloadify from Chrome’s Web Store, but you can still get the code on Github. Despite this, Robin Aldenhoven, Downloadify’s creator, told The Verge that the extension doesn’t work anymore in light of Spotify’s tighter security protocols, and that the extension wouldn’t be updated to circumvent the new settings.
Seems like @spotify fixed the player 🙂 the extension doesnt work anymore. Still no official response….
— Robin Aldenhoven (@rAldenhoven) May 8, 2013
Do you use Spotify? Did you take advantage of Downloadify while it was active?
0 Comments