Widevine L3 DRM: A British security researcher managed to crack the technology's L3 protection layer managementGoogle Widevine Digital Rights (DRM).
The hack can allow the researcher to decrypt content which is streamed and protected by DRM.
Although the cracking of Google's DRM sounds exciting, it probably will not spark mass waves of piracy. The reason is that the hack works only for streaming protected by Widevine L3, and not for L2 and L1 levels, which are used to protect high-quality video and audio.
So if someone user manages to “crack” a Widevine L3-protected streaming will only access very low quality (lo-fi) video and audio.
Google designed Widevine DRM technology to operate on three data protection levels (L1, L2 and L3) that can be used in several scenarios. According to Google documents, the differences between the three levels of protection are as follows:
- L1 - all content editing and encryption functions are handled within a CPU that supports a Trusted Execution Environment (TEE).
- L2 - only encryption functions are handled within TEE.
- L3 - the content editing and encryption functions are (intentionally) performed outside of TEE or the device does not support TEE.
So streaming service providers like Hulu or Netflix, usually perform a check on the connected device to see what level of Widevine DRM it supports, before serving content.
These services provide streaming audio and video with different levels of quality, with the L3 level being the lowest.
Although it was known that the Widevine L3 level of protection was the weakest, no one has ever found a way to decrypt the encrypted content.
Nobody except British security researcher David Buchanan who has he said on Twitter:
Soooo, after a few nights of work, I broke 100% Widevine L3 DRM. The Whitebox AES-128 is vulnerable to a well thought out DFA attack, which can be used to recover the original key and then you can decrypt MPEG-CENC streaming with ffmpeg.
Buchanan has not yet released a PoC, although he would not help anyone if he did.
To obtain the encrypted DRM file he wants to decrypt, an attacker will still need permission to play streaming.
A Netflix pirate may have this right as an account holder, but if they already have an account they can see higher quality video than what is served using Widevine L3 DRM protection.
So Buchanan's job became pure for research, as he managed to achieve something that many had not done so far.
The researcher has announced the issue in Google, and referred to it as instability because it seems to be a design flaw rather than a vulnerability.
Google's Widevine is the most popular DRM technology today, used by many companies such as Netflix, Hulu, Disney, HBO, DirectTV, Facebook, Showtime, Jio, Sony and others. Almost all hardware platforms and device manufacturers support it, such as Apple, Samsung, Google, Intel, LG, Roku, Mozilla and others.
________________________
- Google Docs and no Google account
- Google Top 10 Searches of 2018 (Greece and worldwide)
- Remove bg free online background image removal
- The Google Android file manager also supports USB drives
- Sundar Pichai: Our mission is to protect privacy
