AirPort Express Reportedly Cracked

[johnnyjibbs]

I can just see Apple releasing a firmware and iTunes update that breaks this. Knowing Apple, they will not be happy to have Windows Mediap Player users streaming wirelessly, even though they would sell more AirPort Express units as a consequence.

Mind you, I'm surprised there are no third party hardware units for Win Media Player available yet. Too short a time for the copycats to copy I guess.

I love my AirPort Express.

 

[jsw]

If a human mind is able to create the encryption then another human mind can crack it. I don't think there is any such thing as 100% crack-proof!

Quantum-effects-based encryption is uncrackable. Of course, as with anything, the information is not encrypted before it's sent and after it's received, and so is always vulnerable then.

 

[ZildjianKX]

Okay, now anything can play music on the AirPort Express...

Now for any online music store to play music on the iPod

 

[jcook793]

Hey I submitted this yesterday afternoon! We could have beaten Slashdot! I demand justice!

So when there is a Linux port does that mean I can sit at work and connect to my server at home and freak out my dog with weird sounds?

 

[abram]

Movies might still be possible

I'm afraid, you won't be able to do so. streaming audio in this way
causes a latency (delay) of around 1 second. so your movie soundtrack
will be out of sync badly

This might not be a problem if the latency is consistent... I believe apps like mplayer let you manually control the the offset between audio and video.

 

[gekko513]

Okay, this bugged me about the slashdot headline too, being way to sensationalistic...

This is not "CRACKED" in any way. He has disassembled iTunes (probably) and retrieved the public key.

This allows people to write programs that will send to airport express, but the encryption itself is still completely safe.

Breaking this is as simple as Apple putting out a firmware update with new keys, and probably tweaking things a bit so the public key is harder to find next time.

Since the music itself isn't encrypted except when it's being streamed, there is not even a worry about maintaining backward compatibility (like there is with CSS or FairPlay). Apple software developers could do this in their sleep.

Excactly ... It's not cracked. The important thing (from a legal perspective) is that the music is still encrypted when it's "in the air". The private key is still secure in the Airport Express unit itself.

If someone found the private key, on the other hand, Apple would be in more trouble because that would enable anyone to "steal" the music you're broadcasting. That wouldn't make RIAA happy.

 

[spaceballl]

Eh. not that big of a deal...

 

[FriarCrazy]

This is exactly what I've been waiting for... I can just imagine sitting on my bed in my dorm playing a movie (yes, yes I know the offset issues. Well, that can be solved!)

 

[ericdano]

WMA

This is the same guy who did the Fairplay AAC stripping right?

Why not do the same for Windows Media Files? I don't think he is advancing the Apple/AAC effort at all. In fact, you could point to him and his efforts as being a reason why Apple/AAC is NOT the way to go if you want to DRM you efforts (IE: Microsoft pitching this to RIAA).

So, if he wants a challenge, why not break/strip/whatever Windows Media Files that are protected???

 

[puckhead193]

And now he's laughing all the way to the bank!

 

[zv470]

Jobs already said they would look at other applications being able to use AirTunes, but first wanted to let the technology mature a bit. Maybe 6 months time we would have got this from Apple anyway.

ps. I'm still looking for that quote, but I know I read it here somewhere.

 

[billyboy]

Doh. When I saw the headline, I thought I was going to have to hold back on ordering an Airport Express because there was a build problem with the case cracking. Breathes again.

 

[dizastor]

Actually Washington D.C. Mayor Marion Barry works in the Airport Express assembly plant... there was actual crack found inside the case.

 

[Mantat]

There is one ever-safe encryption method: quantum. Impossible to crack and will ever stay that way. Only looking at the communication disturb the transmission...

On the other hand, I would like to point out that Slashdot is among the worst source of information, they always forget details or give sensational title to 'normal' news. This is why I stopped going there and prefer less popular news sites.

 

[narco]

So what if the RIAA doesn't like this news? Can they threaten Apple to stop sale/production on them until they've proven it to be "secure"? Is this a sign that I should buy one before they're discontinued?

.narco

 

[whw5]

I think this is good for two reasons:

1) Either we have an open ended audio device that allows us to use it how we intend to or
2) Apple will patch it like they do with most of their cracked products and in order to get people to download it, as an incentive, they will add a cool feature or two of their own.

With thought 2, that got me to thinking even more...Apple sure does get a lot of the hardware cracked...I wonder why.

its the only hardware worth crackin'

 

[Elan0204]

I'm not really understanding what the big deal about this story is. So now people who buy music on a store other than iTMS can stream that music too. I don't really think that is very exciting, especially since there is no other store compatible with Macs. It seems that movie watching and game playing won't work well anyway thanks to the streaming delay, so what other real applications of an open Airport Express are there?

 

[geniusj]

Okay, this bugged me about the slashdot headline too, being way to sensationalistic...

This is not "CRACKED" in any way. He has disassembled iTunes (probably) and retrieved the public key.

This allows people to write programs that will send to airport express, but the encryption itself is still completely safe.

Perhaps I've misunderstood, but as I've seen it explained, here's what happened.

The AES key used to encrypt the traffic is itself encrypted with an RSA key. RSA is public key crypto, not AES. In order for him to decrypt the AES key, he obviously needed the RSA private key. As far as I understand it, this is totally cracked.

Regards,
-JD-

 

[~Shard~]

You knew this had to happen eventually - nothing is crack-proof! The interesting thing will be to see how Apple responds (not that they can technnically do a lot right now...)

 

[Moonlight]

yep

All keys can be cracked by "brute force decryption" it just takes alot of computer power and alot of time.

 

[discstickers]

If a human mind is able to create the encryption then another human mind can crack it. I don't think there is any such thing as 100% crack-proof!

Actually, a one-time pad is a crack-proof cypher. Assuming you keep it secret and don't reuse it. More info: http://en.wikipedia.org/wiki/One_time_pad

 

[shawnce]

Perhaps I've misunderstood, but as I've seen it explained, here's what happened.

The AES key used to encrypt the traffic is itself encrypted with an RSA key. RSA is public key crypto, not AES. In order for him to decrypt the AES key, he obviously needed the RSA private key. As far as I understand it, this is totally cracked.

Regards,
-JD-

No he found the public key used in the RSA encryption stream and is using that to hand shake with the AirPort express so that they can share a common AES key allowing one to stream audio to the AirPort device. The public key is used to encrypt the AES key and only by having the private key can one decrypt it and AirPort Express hardware has the private key embedded in it.

In other words the AirPort requires an encrypted AES stream of Apple loss-less audio and the AES key used to encrypt that stream is handed to the AirPort Express device by passing the AES key encrypted using a public RSA key.

 

[~Shard~]

All keys can be cracked by "brute force decryption" it just takes alot of computer power and alot of time.

Brute force definitely isn't the preferred method though - cracking something like MD5 or RSA using it would essentially take years with a supercomputer.

When I worked at the CSE in Ottawa (Communications Security Establishment, the Canadian NSA), they had Canada's most powerful computer there, a Cray T3E, I believe, and although we could rip through sequential-based encryption algorithms such as DES, 3DES, etc., using pure brute force on encryption such as SHA-1, RSA, etc. would be infeasible. Not impossible - but infeasible.

 

[docpsycho]

Asking for it

On the extreme side: he'd better start watching his back, it would be more cost effective to be 'rid' (dead, deceased, assumed room temprature) of him than go after him legally again.

 

[pentajigga]

i just want to be able to dj with ableton live or another app in a lounge and being able to move around