A bug that can store 'protected content' in Google Chrome digital content protection function

BySarah Ackerman

Various movies, music, manga, etc. are distributed on the net, but as it is just a matter of simply uploading a file, it becomes all you can copy it, many of which are easy to use with the content protection function You can not copy or save it. However, due to a bug in the digital content protection function adopted by Google Chrome, it became clear that the content which should be protected originally was easily saved.

A Vulnerability in Google Chrome DRM Lets Attackers Steal Protected Content Easily - YouTube


this isNegev-Ben-Glion UniversityofCyber ​​Security Research Center (CSRC)It is what the announced, the demonstration movie is kore. The OS is Windows 7, the browser is Google Chrome. The content protection technology "Widevine" which Google acquired in 2010 is used. Version is 1.4.8.885.


We started playing protected content, but at this time the capture tool has already started. The right side of the screen is the state of the folder saving the content captured in real time. At first it is empty, but ...


As playback progresses, files are generated and their sizes are getting bigger and bigger.


Moreover, this captured file can be played. In other words, it is not protecting any content.


In this type of content protection technology, encrypted contents are sent, and decryption is canceled by a decryption module in the browser. However, as in the movie above, the content is already being "stolen" just after players for streaming play.

It seems that CSRC has already notified Google about the bugs published in the movie this time, but as of June 28, it remains unresolved.

According to WIRED, Google replied that it is a known problem and recognizes that "Chrome-based browser, not just Chrome, can happen anywhere."

A Bug in Chrome Makes It Easy to Pirate Movies | WIRED
https://www.wired.com/2016/06/bug-chrome-makes-easy-pirate-movies

It is unknown whether the bugs pointed out this time have actually been used, but researchers said, "The fact that the content protected in this way can be threatened depends on this type of technology It is a big risk for movie companies and other companies that are in motion. "

By the way, Widevine is a content protection technology used in 2 billion terminals worldwide, and it also uses Firefox and Opera, but this research is limited to "desktop version Chrome" , The correspondence situation of other browsers is unknown. Also, Safari uses Apple 's Fair Play CDM and Internet Explorer uses Microsoft' s PlayReady CDM, so it has nothing to do with this issue.

2016/07/06 Additional note:
Since it was pointed out that "It is not a" vulnerability "of general use, it is a simple bug," it has been changed to "bug" notation.