A bug in the popular anti-piracy framework allows a side-channel attack on premium content.
Researchers have used a proof-of-concept (PoC) side-channel attack to download an unencrypted raw file for Netflix’ Stranger Things, in a format that’s ready to distribute out to any buyer on the internet.
This pirate’s booty is the result of breaking open the widely deployed digital rights management (DRM) to framework known as Widevine, the DRM engine behind Netflix, Hulu and Amazon Prime, among others.
By way of background, Widevine is an encryption method developed by Google but offered royalty-free to content creators and streaming services. According to Google stats, about 5 billion devices out there support it, and 82 billion content licenses are issued quarterly. In other words, it’s a Big Kahuna when it comes to anti-piracy approaches – rivaled only by Apple’s FairPlay and Microsoft’s PlayReady DRM schemes.