The reason is that the hack works only against Widevine L3 streams, and not L2 and L1, which are the ones that carry high-quality audio and video data.
Any user who cracks a Widevine L3 stream would only gain access to grainy low-quality video and lo-fi audio. Many security and cryptography experts weren't surprised by the Widevine L3 hack, as the L3 protection level is the lowest one.
Google designed its Widevine DRM technology to work on three data protection levels --L1, L2, and L each usable in various scenarios. According to Google's docs, the differences between the three protection levels is as follows:. Service providers, such as Hulu or Netflix, usually perform a check of a device to see what Widevine DRM level they support, before sending any actual content.
Because of the varying security levels, which exposes the DRM-encrypted content to attacks, service providers deliver audio and video streams with varying quality levels, with L3 receiving the lowest. While it was known for a few years that Widevine's L3 protection level was the weakest, no one until this today found a way to decrypt Widevine L3 encrypted content.
Albeit Buchanan did not yet release any proof-of-concept code, it wouldn't help anyone if he did. If a Netflix pirate would have this right being an account holder , then he'd most likely ab use it to pirate a higher-quality version of the content, instead of bothering to decrypt low-res video and lo-fi audio.
The only advantage is in regards to automating the pirating process, but as some users have pointed out, this isn't very appealing in today's tech scene where almost all devices are capable of playing HD multimedia [ 1 , 2 ].
For all intents and purposes, Buchanan's hack is purely an interesting topic of research that has achieved something that many other experts have only speculated until now. The researcher said he did report the issue to Google. Grabbed with devices protected with widevine, getting the full original encoded file rather than screen grabbing. Again, all these things just affect legitimate consumers. Pay for a tv service with a phone streaming app but cant use it because your phone is rooted or has a HDMI output.
None of it has stopped piracy. Are you sure most 4k releases are untouched web downloads? I had a quick look, and a lot of recent Netflix stuff are marked as rips not downloads. Amazon stuff did seem to often be downloads.
In any case, are you sure it was even Widevine which was broken? Web rip 4k releases are easily possible since HDCP 2. Infosec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial. Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community.
This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content. Newsletter Subscribe to our Threatpost Today newsletter Join thousands of people who receive the latest breaking cybersecurity news every day. I agree to my personal data being stored and used to receive the newsletter.
I agree to accept information and occasional commercial offers from Threatpost partners. This field is for validation purposes and should be left unchanged. Author: Tara Seals. April 30, pm. Share this article:. A bug in the popular anti-piracy framework allows a side-channel attack on premium content. Google did not immediately return a request for comment.
0コメント