Researchers have used a proof-of-concept (PoC) side-channel attack to download an unencrypted raw file for Netflix’ Stranger Things, in a format that’s ready to distribute out to any buyer on the internet.
This pirate’s booty is the result of breaking open the widely deployed digital rights management (DRM) to framework known as Widevine, the DRM engine behind Netflix, Hulu and Amazon Prime, among others.
By way of background, Widevine is an encryption method developed by Google but offered royalty-free to content creators and streaming services. According to Google stats, about 5 billion devices out there support it, and 82 billion content licenses are issued quarterly. In other words, it’s a Big Kahuna when it comes to anti-piracy approaches – rivaled only by Apple’s FairPlay and Microsoft’s PlayReady DRM schemes.
Widevine’s end-to-end approach to encrypting copyrighted content and preventing piracy is actually quite secure, according to researchers at Fidus Information Security, who developed the PoC. But a vulnerability exists in Level 3 of the framework that opens the door to side-channel attacks.
The Widevine Approach
To keep pirates from streaming or downloading content that they shouldn’t (both for personal or resale purposes), Widevine uses a combination of hardware security and an isolated secure operating system (OS).
As it explains in its documentation, Widevine offers three levels of content protection: 1, 2 and 3. Level 1 is the most secure, where all content processing and cryptography operations are handled inside a Trusted Execution Environment (TEE); and, Widevine is incorporated into a display via a secured path like HDCP. This is the case with most modern Android devices.
In Level 2, Widevine is used within a TEE to decrypt a stream, which is then sent to the display in an unprotected format.
And in Level 3, which Fidus researchers were able to crack, Widevine is used to decrypt streams using the device’s CPU rather than inside the secure TEE, after which the decrypted stream is sent to the display unprotected. The Chrome and Firefox browsers use Level 3, for instance.
The capabilities of the user’s playback device and the quality of the content determines which level of protection is applied. Level 3 is used mainly for non-HD streams, 720p and below, and low-resolution audio – content that would be delivered over spotty broadband to a desktop or laptop (which is why browsers support Level 3) or to less sophisticated, low-cost, non-HD devices that lack TEEs, which are actually found in volume in many areas of the world, like China. Some mobile devices also block HD streams because of wireless carrier restrictions.
In all cases, “through the design of the Widevine framework, the keys that have been used to encrypt the content are never actually exposed directly to the user,” explained the firm, in a Monday posting on the PoC. “Instead, the header file that gets sent to the client when a stream is started contains the bare minimum information needed, containing just some metadata about the encryption scheme used.”
That metadata then gets passed to the content decryption module (CDM), which is contained in the client or browser that the user has installed. The CDM handles getting the license keys from the Widevine license server, before the content is decrypted and displayed, using Arxan to obfuscate the communication with the server. The license server then sends back a license to the client, which contains the content keys. These content keys are then used by the CDM to decrypt the content, which the user can then view.
However, using a new variant of a piracy method uncovered by researcher David Buchanan in January, the Fidus researchers were able to board the Netflix ship, as it were, and plunder its premium content by plucking the keys out of this process.
Breaking Widevine L3
“It was possible to download a raw file of Stranger Things from Netflix and fully remove the content protection enabled; allowing for illegal distribution of the material,” Fidus researchers noted.
It should be noted that the issue lies with Widevine, and that Netflix is just one of many Widevine users susceptible to such an attack, the researchers said.
Fidus team said that they won’t be publishing the PoC code or further details given that the repercussions could be significant. In January, Buchanan was similarly cagey about his own Widevine-cracking, but did say that it was “scarily trivial to pull off,” and that he used the Side-Channel Marvels project during “a few evenings of work” to do so.
“Their Whitebox AES-128 implementation is vulnerable to the well-studied DFA attack, which can be used to recover the original key. Then you can decrypt the MPEG-CENC streams with plain old ffmpeg,” he tweeted at the time, referring to differential fault analysis (DFA), more on which can be found here.
He also said that while Google acknowledged the issue, there’s not much to be done:
DRM is flawed by design. I do not consider this a bug, and it cannot be fixed.
— David Buchanan (@David3141593) January 3, 2019
Fidus intimated that it was working on breaking Widevine L1 and L2 – which “With Level 3 down, there’s two to go.” These, if cracked, would be a much bigger problem for Widevine and those that rely upon it, opening the door to pirating the higher-value HD content.
Threatpost has reached out to Fidus for more details and will update this post for any new information.
Google did not immediately return a request for comment.