German Research University Breaks HDCP Protection used in Blu-ray
By on November 27th, 2011

The  Ruhr-Universität is a renowned research university in Germany known for its vulnerability researches. The last time I heard of them, was when they broke the  W3C standard for XML encryption. This time, they have taken a hit at High-bandwidth Digital Content Protection (HDCP), which is used in  HDMI or DVI-compliant playback devices. This same technology is used to playback Blu-ray media from over an encrypted channel. HDCP was broken into last year (or so it seemed). However, this time, the crack is confirmed.
blu-ray-hdcp

A Slashdot discussion sums up  the implications  as,

On an HDMI cable, the actual encryption that takes place is specific to keys on both sides, so cannot generally be universally cracked. If a vendor key becomes compromised, future Blu-Ray players can blacklist it.  What makes this solution useful, is that it’s just about the only way to crack the encryption on-the-wire without having to open anything up or solder anything, and it can’t be prevented by simply blacklisting vendor keys.

Intel vouched for HDCP when a master key was leaked last year. However, this year,  Ruhr-Universität has found a way past master keys and has a way to bypass this system completely.

Prof. Dr.-Ing. Tim Güneysu working with final year student  Benno Lomb has said,

We developed an independent hardware solution instead, based on a cheap FPGA board.  We were able to tap the HDCP encrypted data streams, decipher them and send the digital content to an unprotected screen via a corresponding HDMI 1.3-compatible receiver.

This is a Man-in-the-middle attack. The vulnerability is a risk and can be broken with a device costing 200 euros. It is a cheap method to break a high-value encryption that the media industry spent a lot of money and put a lot of hope in.

Tags:
Author: Chinmoy Kanjilal Google Profile for Chinmoy Kanjilal
Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at Techarraz.com. You can connect with him on Twitter @ckandroid.

Chinmoy Kanjilal has written and can be contacted at chinmoy@techie-buzz.com.
 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN