Windows Phone 7 Marketplace Prone to App Piracy
Microsoft needs to start beefing up the security of its Windows Phone 7 App Marketplace. An ethical hacker provided WPCentral, a Windows Phone centric site, with a video showing proof-of-concept program that could grab any App from Marketplace and be installed for free sans any DRM security.
This proof-of-concept program, dubbed FreeMarketplace, raises an alarm against a severe security issue with the Windows Marketplace that might lead to App Piracy. Recently Microsoft's Windows Marketplace started teething with 5000 Apps as reported two days ago.
WPCentral clarified that the methodology of the FreeMarketplace and the proof-of-concept program itself will NOT be released to the public. Of course it did spark a discussion about the potential piracy going en masse if this methodology is leaked to the public.
Tobias is said to be the developer of the proof-of-concept FreeMarketplace program. In the video, the proof-of-concept FreeMarketplace program pulls app from the Windows Marketplace, removes the XAP Security Layer and deploys it on a WP7 device with a single button press. Basically this program was one of the efforts to highlight that the Digital Rights Management layer for security of Apps used isn't good enough
XDA-Developers forum member Valen had posted a security whitepaper on the state of App Piracy in the Windows Phone Marketplace but that post was pulled down due to obvious reasons. Tobias, the developer of FreeMarketplace program, told WPCentral:
"The code and the guides I gave you here will not stop piracy. Anyone with the corresponding skills can still startup reflector, go through your code, remove any checks, remove DRM and install it on a device. YES, but it got a lot more difficult to do it in an automated fashion. So, there might be one or two who can still break your security measures by hand but the masses won't be able as there is no generic tool available."
This means that Microsoft's XAP Security DRM is the same for every app and hence an automated DRM removal fix could be enabled to crack Windows Marketplace easy process. In order to avoid the security breach, Microsoft need to employ robust DRM security for the WP platform apps.
 

 
 
 
 
 
 
 
 
 
 
0 comments:
Post a Comment