Threat Management, Patch/Configuration Management, Vulnerability Management

Google encryption flaw could allow video piracy


A Google vulnerability could allow bad actors to hijack video content from protected videos, according to online newspaper Jewish Business News.

A flaw within the encryption technology of Widevine EME/CDM is said to hold the potential to allow attackers to steal protected content from a number of streaming services. The flaw could allow an attacker to workaround protections and save a decrypted file, which they can then make available to pirated sites. 

Researchers from the Ben-Gurion University of the Negev Cyber Security Research Center (CSRC) working with a security researcher from Telekom Innovation Laboratories in Berlin, offered an attack proof-of-concept capable of saving a decrypted version of streamed content protected by Google Widevine DRM that was played on a computer's disk drive via Google Chrome.

Google's security team has been notified of the flaw and the researchers, via Google's Project Zero for responsible disclosure, are aiding in developing a patch.

"We appreciate the researchers' report and we're examining it closely," a Google spokesperson informed "Chrome has long been an open-source project and developers have been able to create their own versions of the browser that, for example, may use a different CDM or include modified CDM rendering paths. The Chrome browser, however, is required to protect compressed video and does so."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.