Developer James Laird has extracted and posted the RSA private key behind Apple’s AirPort Express, as well as an open-source “ShairPort” solution that allows music to be streamed from iTunes to other devices and services.
Laird said that he had discovered that the AirPort Express streaming solution hid a private key, and extracted it after his girlfriend had trouble connecting her AirPort Express to her wireless access point.
Laird posted the RSA private key on the VLC development newsgroup, and then the “ShairPort” software on his own private blog. It currently stands at version 0.03, after Laird discovered problems with IPv6.
“My girlfriend moved house, and her Airport Express no longer made it with her wireless access point,” Laird wrote. “I figured it’d be easy to find an ApEx emulator – there are several open source apps out there to play to them. However, I was disappointed to find that Apple used a public-key crypto scheme, and there’s a private key hiding inside the ApEx. So I took it apart (I still have scars from opening the glued case!), dumped the ROM, and reverse engineered the keys out of it.”
The AirPort Express, now several years old, is an 802.11g access point. More importantly, however, it serves as a means for Express users to wirelessly stream music from their Mac and iTunes to other places in the home, including speakers. With the private key extracted, other developers may be able to tie ShairPort into their own private services, allowing them to receive iTunes music from remote locations.
Apple users have wished for years for their music to be stored in iTunes and then streamed. In January 2010, MP3.com’s Michael Robertson claimed such a feature was coming from Apple and its Lala.com service. Instead, Apple launched the iPad.
Apple does allow limited iTunes streaming; the recent release of iTunes 10.2.1 – seemingly identical to the 10.2 version of iTunes – includes an improved version of Home Sharing that lets users stream content from their iTunes library between computers to an iPad, iPad 2, iPhone 3GS, iPhone 4 (GSM), or iPod touch (third and fourth generation), as long as the device is running iOS 4.3.
While there’s no indication that a hardware manufacturer would build in ShairPort, other apps (an Android app that connected to iTunes?) might be able to build it in.
Other root keys have also been leaked. Sony has been the most recent victim, with the root key guarding the PlayStation 3 recently leaking. Sony, however, partially covered up the hole by settling with hacker George Hotz; the settlement includes an injunction against posting details of the hack or, presumably, the root key.
A more serious breach occurred last September, when the HDCP master key protecting Blu-ray discs was cracked and posted to the Web.