Chrome Widevine Exploit Makes Streaming Piracy Easy

Piracy, the theft of copyrighted and protected content somehow, has always been around, since the dawn of media. From handwritten copies of borrowed books to teams of hundreds of hackers poring over the latest protection scheme for new video games, while the methods of piracy change, the core act has always been the same; to obtain a copy of a piece of copyrighted material without disturbing the original, and without paying. Piracy is a rampant issue in most affected industries, especially in the film sector. Since movies are simply images and sound, it's quite simple to make a copy in most cases. When streaming a movie in Chrome, a technology known as Widevine is commonly used. One of the benefits of Widevine is that it thwarts those trying to record their computer's audio and video output to score free personal copies of movies they're streaming. A security researcher has produced a video, however, showing that the feature can be defeated and video can be fed directly into illicit channels for copying.

The video does not show what program is being used, but it does show what the program is doing; content is being played through Widevine in a Chrome window, normally encrypted. This content is being played in a small space within a window. While this is happening, an unknown program is able to pierce Chrome and Widevine's defenses and a separate window in the video shows the outcome of that. A copy of what's being played is saved in multiple formats, having been captured directly through the stream. The copy is at full resolution with no hiccups, as if the video had simply been downloaded. Essentially, since Widevine works by installing a decryption module in your browser and using a unique key obtained by authenticating with the streaming service that's handing over the decrypted content, the hack plays "man-in-the-middle" and catches the decrypted content.

The sercurity research duo that found the bug, the Cyber Security Research Center at Ben-Gurion University in Israel's David Livshits and Alexandra Mikityuk from Berlin's Telekom Innovation Laboratories, have yet to release any details on exactly how the exploit works, what programs were used and how to reproduce the bug. They have stated that they will not release any information to the public aside from the demonstration video until at least 90 days after the date that they informed Google of the bug, May 24th. As of now, the bug remains unpatched.

Copyright ©2019 Android Headlines. All Rights Reserved
This post may contain affiliate links. See our privacy policy for more information.
You May Like These
More Like This:
About the Author

Daniel Fuller

Senior Staff Writer
Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, voice assistants, AI technology development, and hot gaming news in the Android world. Contact him at [email protected]