August 12, 2004 11:15 PM PDT

Hacker takes bite out of Apple's iTunes

The Norwegian hacker famous for cracking DVD encryption says he has cracked Apple AirPort Express.

Jon Lech Johansen has revealed the public key that Apple AirPort Express, a wireless networking protocol, uses to encrypt music sent between iTunes and a wireless base station.

AirPort Express was released in June 2004 as a small wireless bridge from a personal computer to a stereo. Details of the AirPort Express codes were also published on Johansen's weblog, which is called So Sue Me.

In a double whammy for Apple, Johansen also wrote a program called JustePort, allowing software other than Apple iTunes to stream music to AirPort Express. As a result of Johansen's work, it's now only a matter of time before other popular software is capable of streaming music to the AirPort Express. Until now, a copy of iTunes 4.6 was required.

Johansen shot to fame over his controversial program that bypassed DeCSS encryption schemes on DVDs.

In 2003, he narrowly escaped criminal charges, brought by Hollywood, after a Norwegian court found him justified in developing the program to view legally bought DVDs on his Linux machine.

Lars Pasveer writes for ZDNet Netherlands


Join the conversation!
Add your comment
Johansen and airport express
While it is clear that Mr. Johansen is technically intelligent, I am
predicting that time will land him in jail. The underlying
anarchist attitude displayed by this young man will drive him to
"crack" one too many codes and finally be found guilty. While I
don't argue his desire to play "legal" DVD's on his Linux
machine, I do argue that breaking codes on hardware, such as
Airport Express, shows he is willing to continue to push the legal
line. Of course the real problem is the confused interpretation
of digital law between various countries.
Posted by Brian Breeding (22 comments )
Reply Link Flag
So your saying he doesnt have the right to modify a product he has purchased and legally owns in whatever way he wants?

If you bought a car and the hood was locked with a padlock that you werent allowed to open without risk of going to jail you would be pretty upset I would think.

Theres nothing anarchist about wanting to take apart something thats your property to figure out how it works. Us geeks have been doing that since we were old enough to turn a screwdriver and started taking apart our toys.
Posted by Fray9 (547 comments )
Link Flag
The real point is...
The real point of this is that this young man is a pioneer and should be honored by every person that uses a high tech device. The real problem is companies like Microsoft, Apple, all of the Hollywood Studios, the record companies and more keep developing new ways that prevent honest consumers from using the hardware and software we bought with our hard earned money in a fair way. Consumers have always had the right to back up things like CDs, Video Tapes, etc. that we buy, that was until the latest round of copyright laws made it illegal to crack the new protections. This young man is simply try to fight corporate greed and the prevention of consumers to use what they buy in a fair use way.

Posted by (336 comments )
Link Flag
Now have a reason to buy an AirPort Express
This is great news and high time that it has been done.

Closed protocols and devices that lock you into one technology or vendor are bad. They are bad for the individual who buys the hardware and bad for the company that is selling (in the long term). More and more of these false walls will fall because it is unacceptable that the purchaser can't do what they want with the equipment that I purchase and are instead locked into what some company has decided is good for them.

When the companies that make these sorts of poor decisions realize that it is their long term interest to satisfy customers rather than lock out their compition in the market place customres will be happier and companies will find it easier to sell to them. Open standards are good for both the company selling and the consumer buying the product.

Instead of being unhappy about this Apple should be happy because now many of us who have no iPod or don't do iTunes will have a way to go wireless to our stereo from a central media server. That means I now have a reason to purchase from Apple something that I had no need for before but now answers a need that I have.
Posted by albrown (36 comments )
Reply Link Flag
What is your need
What need do you have now, that you didn't have before it was cracked?
Posted by nmcphers (261 comments )
Link Flag
You still don't really have a choice...
All the "hacker" did was open up a communication channel
(which is still encoded) between his program and Airport

However, to play your songs using his software, you have to
have your music encoded using the Apple Lossless codec, only
available, you guessed it, in iTunes.

So unless you want to encode and re-encode all your music
using iTunes into Apple Lossless, your choices are still limited
to, well, Apple products.
Posted by zarathustra911 (35 comments )
Link Flag
Why would they do that?
More likely the courts would see it as justified, as there is not iTunes for Linux and he created a way to stream from it. It worked with the DVD's.

Once again, Linux becomes the hero.
Posted by Stupendoussteve (28 comments )
Reply Link Flag
Whoops, That was in reply to Johansen and airport express
See subject.
Posted by Stupendoussteve (28 comments )
Link Flag
"Once again, Linux becomes the hero."?
I don't think he said anything about doing it for Linux in particular.
Posted by (23 comments )
Link Flag
Public key = trivial hack
This article states that, "Jon Lech Johansen has revealed the public key that Apple AirPort Express..."

So what's the big deal about revealing a "public" key? As the name implies, it is public and it should be a trivial matter to discover what it is. It's the private key that matters...

Or did he actually discover the private key and Lars Pasveer, the column's writer, report the story incorrectly?
Posted by richarddavies (10 comments )
Reply Link Flag
No, he did find the public key. Apple was keeping it secret to restrict what software could use the streaming technology. With this public key now any software can use it. Granted it probably wasn't the toughest hack he ever did, but it is still useful to those who want to take advantage of this streaming technology.
Posted by unknown unknown (1951 comments )
Link Flag
If it's trivial...
If it was so trivial why doesn't everyone do it? The big problem we are seeing is that DVD and other technologies are being released with very weak encryption schemes. This should make consumers worry about the safety of their private data protected by products released by these same companies.

The public key method is also used with DVD video. It was not expected to be cracked as soon as it was. It is quite alarming how weak the encryption is on these consumer devices.
Posted by (46 comments )
Link Flag
Commercial significance?
Apple requires that you use iTunes to stream media to the
AirPort Express. Simple enough, it's free. So how exactly does
this hurt Apple except that someone smarter figured out
something they did. At the end of the day it might spur some
sales of the Airport Express. After all, this guy probably bought
Posted by Gadgeteer1969 (3 comments )
Reply Link Flag
He didn't have to buy anything.
"After all, this guy probably bought one."

He might not have. The device is not required to use the software, and the software is available online for free. The key is embeded in the software, and that's the part he needed. It would be slightly more difficult to crack the key from intercepting the radio waves than just reverse engineering the software.
Posted by (46 comments )
Link Flag
The article states: "Johansen shot to fame over his controversial program that bypassed DeCSS encryption schemes on DVDs."

DeCSS is not the encryption scheme used to prevent copying DVDs. CSS is the encryption method used. DeCSS is the anti-encryption, or de-crypting algorythm released by Johansen.
Posted by (46 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.