The Ruhr-UniversitÃ¤t is a renowned research university in Germany known for its vulnerability researches. The last time I heard of them, was when they broke the W3C standard for XML encryption. This time, they have taken a hit at High-bandwidth Digital Content Protection (HDCP), which is used in HDMI or DVI-compliant playback devices. This same technology is used to playback Blu-ray media from over an encrypted channel. HDCP was broken into last year (or so it seemed). However, this time, the crack is confirmed.
A Slashdot discussion sums up the implications as,
On an HDMI cable, the actual encryption that takes place is specific to keys on both sides, so cannot generally be universally cracked. If a vendor key becomes compromised, future Blu-Ray players can blacklist it. What makes this solution useful, is that it’s just about the only way to crack the encryption on-the-wire without having to open anything up or solder anything, and it can’t be prevented by simply blacklisting vendor keys.
Intel vouched for HDCP when a master key was leaked last year. However, this year, Ruhr-UniversitÃ¤t has found a way past master keys and has a way to bypass this system completely.
Prof. Dr.-Ing. Tim GÃ¼neysu working with final year student Benno Lomb has said,
We developed an independent hardware solution instead, based on a cheap FPGA board. We were able to tap the HDCP encrypted data streams, decipher them and send the digital content to an unprotected screen via a corresponding HDMI 1.3-compatible receiver.
This is a Man-in-the-middle attack. The vulnerability is a risk and can be broken with a device costing 200 euros. It is a cheap method to break a high-value encryption that the media industry spent a lot of money and put a lot of hope in.