Google encryption flaw could allow video piracy

News by Greg Masters

A Google encryption vulnerability could allow bad actors to hijack video content from protected videos.

A Google vulnerability could allow bad actors to hijack video content from protected videos, according to online newspaper Jewish Business News.

A flaw within the encryption technology of Widevine EME/CDM is said to hold the potential to allow attackers to steal protected content from a number of streaming services. The flaw could allow an attacker to workaround protections and save a decrypted file, which they can then make available to pirated sites. 

Researchers from the Ben-Gurion University of the Negev Cyber Security Research Center (CSRC) working with a security researcher from Telekom Innovation Laboratories in Berlin, offered an attack proof-of-concept capable of saving a decrypted version of streamed content protected by Google Widevine DRM that was played on a computer's disk drive via Google Chrome.

Google's security team has been notified of the flaw and the researchers, via Google's Project Zero for responsible disclosure, are aiding in developing a patch.

"We appreciate the researchers' report and we're examining it closely," a Google spokesperson informed "Chrome has long been an open-source project and developers have been able to create their own versions of the browser that, for example, may use a different CDM or include modified CDM rendering paths. The Chrome browser, however, is required to protect compressed video and does so."

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews