Skip to footer

Why pirates can easily steal movies from Chrome

Cybersecurity researchers alerted Google to this Chrome bug in May, but the company has not changed anything yet.

|
Mark Lennihan/AP/File
Google's Chrome browser has a glitch that allows pirates to download videos illegally.

A glitch in Google Chrome makes it easy for pirates to download illegal copies of movies streamed from sites such as Netflix and Amazon Prime.

Alexandra Mikityuk with Telekom Innovation Laboratories in Berlin, Germany, and David Livshits from the Cyber Security Research Center at Ben-Gurion University in Israel reportedly told Google about the problem on May 24, but have not yet seen the issue solved.

Google’s Widevine EME/CDM technology is the source of the problem, specifically how Google implements the technology to stream encrypted video. The researchers have created a video showing how to exploit the loophole in Chrome.

The solution seems simple to Mr. Livshits and Ms. Mikityuk. Before they publicly reveal the details, however, they are waiting until at least 90 days have passed since they privately told Google about the issue, in an effort to avoid enabling others to steal content. Google’s Project Zero security analysis team gives vendors at least 90 days to fix vulnerabilities they discover.

Google, however, did not clearly indicate what they plan to do about the glitch.

“We appreciate the researchers’ report and we’re examining it closely. Chrome has long been an open-source project and developers have been able to create their own versions of the browser that, for example, may use a different CDM or include modified CDM rendering paths. The Chrome browser, however, is required to protect compressed videos and does so,” Google responded in a statement, according to Gizmodo. 

Google is saying that even if it fixes the problem with new code, developers can make a new browser that eliminates the code.

Livshits and Mikityuk suggest that the problem can be solved with a Chrome patch, but a more permanent fix would require designing the CDM, which sends and receives license information and decrypts videos for streaming, to run inside a Trusted Execution Environment, which would prevent someone from stealing streaming content.

Google acquired Widevine in 2010 to secure premium Youtube Channels and Chrome streams, but it is also found in more than 2 billion other devices.

Although other digital rights management system errors have been uncovered in the past, Chrome’s vulnerability is unique in that it involves third-party systems that streamers trust to protect their content.

“The simplicity of stealing protected content with our approach poses a serious risk for Hollywood [studios] which rely on such technologies to protect their assets,” Livshits told Wired. 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.
editor@csmonitor.com
Subscribe
Mark Sappenfield
Editor

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

Subscribe to insightful journalism

QR Code to Why pirates can easily steal movies from Chrome
Read this article in
https://www.csmonitor.com/Technology/2016/0627/Why-pirates-can-easily-steal-movies-from-Chrome
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe