BEER-SHEVA, ISRAEL—The Ben-Gurion University of the Negev Cyber Security Research Center, in collaboration with a security researcher from Telekom Innovation Laboratories, has discovered a flaw in the Google technology for protecting video streams on Google Chrome. Ben-Gurion created a video to demonstrate how the content of a protected video can be stolen.
The vulnerability was discovered in the Widevine EME/CDM encryption technology and allows attackers to hijack protected content from different popular streaming services, making unprotected content available for illegal distribution. CSRC Security Researcher David Livshits developed an attack proof-of-concept that can save, to a computer’s disk drive, a decrypted version of any streamed content that is protected by Google Widevine DRM and played via Google Chrome. The proof-of-concept has been tested successfully on recent versions of Google Chrome with both Netflix and Amazon TV streaming services.
Both the vulnerability and proof-of-concept have been reported to Google’s security team. Researchers are working to correct the vulnerability. Adhering to Google’s Project Zero disclosure policy, details of the vulnerability will be released when a fix is ready for users.
“We hope that disclosure of this vulnerability will urge other DRM vendors to re-evaluate the security of their products and provide additional layers of defense,” said Dr. Rami Puzis, a researcher at BGU CSRC.