Spotify Web Player Vulnerability Allowed For DRM-Free MP3 Downloads

The Spotify web player was recently exploited, and the vulnerability allowed users to illegally download DRM-free copies of MP3s.

A Google Chrome extension named Downloadify used the discovered exploit to download MP3 files that were free of the copy-protection software that would otherwise restrict playback.

After noticing the exploit, the team at Spotify quickly remedied the situation, rendering the Chrome extension ineffective.

First reported by the team at Tweakers, the Chrome extension allowed users to download a song as an MP3 at the same time they were streaming the track. The Spotify web player uses an HTML5-based API to play music, and the songs being delivered were DRM-free.

The author who created the extension for Chrome users says it took very little JavaScript coding to accomplish the workaround.

One possible solution for Spotify would be to stream a corrupt version of each MP3 through its service and then fix the errors as the song streams. Users downloading MP3s through future exploits would be handed a corrupt version of each MP3.
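A sketch of the corrupt-then-repair idea described above, as an added example that is not Spotify's code or anything from the original article. It assumes the corruption is an XOR with a per-session keystream derived with HMAC-SHA256; the function names, chunk size and sample bytes are constructed for illustration.

```javascript
const crypto = require('crypto');

// Assumption: corruption is modelled as XOR with a per-session keystream.
// Keystream bytes come from HMAC-SHA256(sessionKey, chunkIndex || counter).
function keystream(sessionKey, chunkIndex, length) {
  const blocks = [];
  for (let counter = 0; counter * 32 < length; counter++) {
    const label = Buffer.alloc(8);
    label.writeUInt32BE(chunkIndex, 0);
    label.writeUInt32BE(counter, 4);
    blocks.push(crypto.createHmac('sha256', sessionKey).update(label).digest());
  }
  return Buffer.concat(blocks).subarray(0, length);
}

// XOR is its own inverse: the server calls this to corrupt, the player to repair.
function transformChunk(sessionKey, chunkIndex, chunk) {
  const mask = keystream(sessionKey, chunkIndex, chunk.length);
  return Buffer.from(chunk.map((byte, i) => byte ^ mask[i]));
}

// Server side: split the track into chunks and corrupt each one before sending.
function serveTrack(sessionKey, track, chunkSize) {
  const chunks = [];
  for (let offset = 0; offset < track.length; offset += chunkSize) {
    const plain = track.subarray(offset, offset + chunkSize);
    chunks.push(transformChunk(sessionKey, chunks.length, plain));
  }
  return chunks;
}

// Player side: repair each chunk as it arrives, just before playback.
function playTrack(sessionKey, chunks) {
  return Buffer.concat(chunks.map((c, i) => transformChunk(sessionKey, i, c)));
}

// Constructed sample bytes standing in for real MP3 data.
const track = Buffer.from('ID3 constructed sample bytes standing in for MP3 audio frames');
const sessionKey = crypto.randomBytes(32);
const served = serveTrack(sessionKey, track, 16);
console.log('saved stream matches original:', Buffer.concat(served).equals(track));
console.log('player output matches original:', playTrack(sessionKey, served).equals(track));
```

The repair key has to reach the player, so this protects only the bytes as served, not the audio after the player has repaired it.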

After hearing about the exploit, Google worked swiftly to remove Downloadify from the Google Web Store, although the code has been made available on GitHub.

The code will likely be used by programmers to understand the exploit that existed. Downloadify creator Robin Aldenhoven tells The Verge that Spotify has already strengthened its system with more secure protocols. Aldenhoven says he will not be updating his program again.

Did you manage to grab a bunch of DRM-free MP3s before the Downloadify Chrome extension was removed from the Google Web Store?