For the developers of any digital distribution store (be it Steam, or the iOS App Store, or what have you), there’s not much worse than waking up to find out that your system’s piracy protection mechanisms have big ol’ gaping security holes. There’s one thing, though, that can take a bit of the sting off: having the bad news broken to you by a white hat (read: strictly non-malicious) hacker who has every intention of helping you fix it, rather than telling the world how to do it.
Such is the case for Microsoft this morning, who found out by way of a friendly neighborhood white hat that the DRM setup on Windows Phone 7 apps can be torn apart in a matter of seconds. Not only that, but it seems the paid apps can be pulled directly from the Marketplace prior to being cracked, without a cent being offered up.
The news comes in via WPCentral, who has been working with a hacker named only as “Tobias” to outline the issue. Neither party really could have handled the situation better; they’ve contacted Microsoft to disclose the exact flaws exploited, they refuse to crack any paid applications on video (though they demonstrate the process on a free application, and indicate that it works just as well on paid apps), and they refuse to disclose any details of how the hack works until Microsoft has fixed the problem (in other words: No, you can’t have it.)
Check out the proof-of-concept video below: