Connect with us

Internet

Google’s Widevine L3 Video Streaming DRM Platform, Used by Netflix and Others, Allegedly Cracked

Published

on

Widevine is a digital rights management (DRM) platform owned by Google that allows content providers like Netflix, HBO, etc., to stream video content to end users in a secure environment, in order to avoid unlawful duplication and distribution of their content (aka: piracy). However, security researcher David Buchanan claims to have broken Google’s Widevine L3 DRM, which would technically allow you to download an unencrypted copy of a video stream so it can be played on pretty much any standalone video player.

Buchanan tweeted that the Whitebox AES-128 cryptography used by the Widevine L3 platform is vulnerable to a “well-studied DFA (differential fault analysis) attack” that can be used to recover the original key, and then decrypt the stream. He also boasts that it took him just a “few evenings” worth of work to crack this. With the decryption key in hand, Buchanan claims that the videos can be streamed with FFmpeg, which would make it very easy to record and convert the streamed video to any of the popular formats. Buchanan hasn’t shared any details on how this is actually accomplished, but added he took the help of Philippe Teuwen and the Side-Channel Marvels project.

For now, it is unclear if Buchanan reported the vulnerability to Google before his disclosure on Twitter. He said he doesn’t consider this a bug, adding that DRM is flawed by design. He suggested Google can make the DRM more DFA-resistant with more obfuscation, but that “would slow down performance.”

While this is a big blow for streaming services, we have to keep in mind that Widevine L3 is at a lower security level, which means your video streams are usually capped at sub-HD resolutions. For HD video streaming and higher, content providers rely on the Widevine L1 DRM platform, which is more secure as all the cryptography and content processing is performed within a Trusted Execution Environment (TEE) inside your device’s processor, which is a lot harder to crack. That’s also the reason why phones like the Xiaomi Poco F1 (Review) and the OnePlus 5T (Review) were unable to playback streaming HD videos when they first launched. Widevine is currently used by all major streaming services like Netflix, HDO, Disney, Jio, Prime Video, Facebook, etc., to stream content on devices running Android and on browsers like Chrome and Firefox.



Source link

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Internet

Bose SoundControl Hearing Aids target the biggest headache in hearing loss

Published

on

Bose has launched a new set of hearing aids, with the Bose SoundControl Hearing Aids billed as the first FDA-cleared option for people with mild to moderate hearing loss but who don’t want to visit an audiologist in-person. Instead, the new buds are configured using the Bose app itself, which also has the ability to adjust automatically according to the … Continue reading

Continue Reading

Internet

Akai MPC One Retro gives a modern music icon a classic color makeover

Published

on

Akai’s MPC is an iconic of electronic music, but while the sound might be achievable today, for the style you’ve had to step up to the plate with your own retro wardrobe as you hit its familiar pads. That all changes with the Akai MPC One Retro, combining modern MPC functionality with a classic retro colorway. So, you get the … Continue reading

Continue Reading

Internet

Razer Blade 15 Advanced refreshed: 11th Gen Core H-Series and all the details

Published

on

Coinciding with Intel’s reveal of the new 11th Gen Core H-Series CPU lineup for laptops, Razer has revealed new Blade 15 Advanced configurations. While it seems that the standard model Blade 15 – released earlier this year – will be sticking with 10th Gen processors for the time being, the new Advanced model comes outfitted with those 11th Gen CPUs … Continue reading

Continue Reading

Trending