Threat Management, Patch/Configuration Management, Vulnerability Management

Google encryption flaw could allow video piracy

A Google vulnerability could allow bad actors to hijack video content from protected videos, according to online newspaper Jewish Business News.

A flaw within the encryption technology of Widevine EME/CDM is said to hold the potential to allow attackers to steal protected content from a number of streaming services. The flaw could allow an attacker to workaround protections and save a decrypted file, which they can then make available to pirated sites. 

Researchers from the Ben-Gurion University of the Negev Cyber Security Research Center (CSRC) working with a security researcher from Telekom Innovation Laboratories in Berlin, offered an attack proof-of-concept capable of saving a decrypted version of streamed content protected by Google Widevine DRM that was played on a computer's disk drive via Google Chrome.

Google's security team has been notified of the flaw and the researchers, via Google's Project Zero for responsible disclosure, are aiding in developing a patch.

"We appreciate the researchers' report and we're examining it closely," a Google spokesperson informed "Chrome has long been an open-source project and developers have been able to create their own versions of the browser that, for example, may use a different CDM or include modified CDM rendering paths. The Chrome browser, however, is required to protect compressed video and does so."

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.