
Top Story: New browser bug lets thieves steal from you


On Monday, we reported that Netflix may be working on a "download and go" option for offline viewing of the movies on its site. But apparently, a Google Chrome browser glitch already allows users to download and save illegal copies of Netflix and Amazon movie streams to their hard drives.

Two security researchers, David Livshits from the Cyber Security Center at Ben-Gurion University and Alexandra Mikityuk from Telekom Innovation Laboratories, found a vulnerability in Widevine, the DRM (Digital Rights Management) system that the Chrome browser uses to encrypt streaming content and prevent it from being pirated.

The flaw lies in how Widevine passes the encrypted content to Chrome. Widevine communicates with the protection systems of Amazon and Netflix via Encrypted Media Extensions and a content decryption module (CDM) in the browser.

The exploit occurs at the point where the CDM decrypts the content and passes it on to the browser's player: Widevine does not verify that the video is playing only in Chrome. As a result, a user could theoretically intercept and save the decrypted content with separate software before it is displayed in the browser.

There is currently no known patch for this. The security researchers say that they informed Google about the bug on May 24, but they will not reveal any details until after 90 days, which is Google's own time frame for other companies to fix their software bugs before they are revealed publicly.

In a public statement, Google said it is studying the exploit closely, but due to the open-source nature of Chromium, on which the Google Chrome browser is based, potentially anyone could create their own modified version of the software with the bug still in place.

Widevine is not exclusive to Chrome, either. Mozilla Firefox, Opera and a number of smart TVs also utilize it as their digital rights management protocol and there is the possibility that these are vulnerable as well.

As seen below, the security researchers released a proof-of-concept YouTube video of the Chrome vulnerability in action. Check out how easily they managed to save an online video stream locally.
