Researcher extracts DRM key from Microsoft and downloads Netflix movies

Microsoft's PlayReady copy protection for VoD content is full of holes. A security researcher has now revealed this once again.

This article was originally published in German and has been automatically translated.

A security researcher has developed a tool that reads the keys of supposedly protected media content from Netflix and other providers in plain text under Windows 10 and 11. This could allow criminals to download films and series and offer them for download.

The Security Explorations researcher explains in an article how he did this. According to him, he already gained experience in cracking Microsoft's copy protection and DRM tool PlayReady in 2022. He claims to have hacked set-top boxes to download content from pay-TV provider Canal+. According to him, Canal+ has apparently not got to grips with the security problem and has since shut down the affected VoD platform.

He has now taken a look at the DRM implementation in Windows 10 and 11 and has once again discovered vulnerabilities. To do so, he examined the Windows protection mechanism Protected Media Path (PMP). This mechanism provides an isolated environment within the system to protect the rights to digital content, and PlayReady copy protection is part of it. PMP uses authentication checks and integrity checks to guarantee security and prevent the illegal downloading of series and films.

The sniffer reads unencrypted DRM keys and thus enables illegal downloads of Netflix content, for example.

(Image: Security Explorations)

According to his statements, he discovered vulnerabilities in various PMP components in the context of software-side (SW) DRM. He states that none of the VoD platforms he tested under Windows (Amazon Prime Video, Canal+ Online, HBO Max, Netflix, Sky Showtime) enforces hardware-side (HW) DRM, which would prevent his attacks. According to him, Windows 10 does not support HW DRM at all, so his attack works there in any case. If HW DRM is used under Windows 11, he says he is able to deactivate it.

For security reasons, the researcher has not yet published any detailed information about his DRM attack. According to him, all that is needed is a subscription to a VoD provider in order to start a movie and run his sniffer tool. The tool then reads the keys in XORed form within a specific time window and converts them into plain text using a simple XOR operation with a known 128-bit key sequence.

According to him, he was able to use the key to download a movie in full-HD resolution (1920 x 1080 pixels) and play it via a media player. He states that he is already in contact with Microsoft to eliminate the DRM vulnerability. A time frame for this is not yet known. It is also unclear at this stage whether content pirates are already exploiting this vulnerability.

(des)