Google’s less secure Widevine L3 digital rights management (DRM) technology has been cracked by a British security researcher, named David Buchanan. The researcher asserts that he has cracked the L3 protection level of DRM tech, which is being used by companies such as Netflix, HBO, Hulu, and other content providers. Thus, the researcher will be able to decrypt content transferred through DRM-protected multimedia streams. Also Read - Google and Qualcomm invest $230 million in HMD Global
The researcher tweeted that the Whitebox AES-128 cryptography used by the Widevine L3 platform “is vulnerable to the well-studied DFA attack, which can be used to recover the original key. Then you can decrypt the MPEG-CENC streams with plain old ffmpeg.” Also Read - Android phones can now detect and warn of earthquakes anywhere, except for China
Watch: Google Go: All you need to know
He also asserted that to crack that, it took him just a few evenings. The information regarding how this was actually accomplished is scarce as the researcher has not mentioned any other details. However, he did mention that he took the help of Philippe Teuwen and the Side-Channel Marvels project for making this attack scarily trivial to pull off. Also Read - Google People Cards feature lets users create virtual visiting cards; India the first market to get it
As of now, it is unknown whether the researcher has disclosed about the vulnerability to Google before making it public. Also, it remains to be seen what the search giant might do next on this particular now-cracked L3 implementation. Additionally, David Buchanan also stated that he ‘does not consider this a bug, and DRM is flawed by design, hence incapable of being fixed. The DRM could be made more DFA-resistant, but that “would slow down performance,” says Buchanan.