For the retiring decade , Hollywood ’s battle against on-line pirates has been mainly been rivet on leaked DVD screeners and illegal streaming sites . Now a dyad of security research worker say they ’ve get word a exposure in the Google Chrome web browser that allow people to save illegal copies of pic from pour internet site like Netflix and Amazon Prime .
The exposure , first reported by Wired , takes reward of the Widevine EME / CDM engineering that Chrome utilise to stream write in code video from content providers . research worker David Livshits from the Cyber Security Research Center at Ben - Gurion University and Alexandra Mikityuk of Telekom Innovation Laboratories give away a mode to hijack streaming TV from the decipherment module in the Chrome browser app after content has been sent from service like Netflix or Amazon Prime .
The research worker created a proof - of - construct ( which is presently the only evidence of the feat ) to show how easily they could illegally download streaming video once CDM technology has decrypted it .
Livshits and Mikityuk privately disclosed the bug to Google on May 24 , and amazingly , the issue still has n’t been patched yet . The investigator say the hemipteran is relatively simple , and they ’re waiting at least 90 day after the revelation to Google before they bring out detail to the public . This is the same amount of time Google’sProject Zerosecurity analyst team impart vendors to pay off vulnerabilities they see .
Wired points out that major issue confront Google as it make out with this exploit is that Chromium , the open - germ code that the Chrome web internet browser is based off , would still provide malicious hackers to take vantage of the vulnerability . Even if Google were to piece the hemipteron , other subject developers could theoretically create a unexampled browser app using the open - beginning Chromium codification and override ( or ignore ) the patch . Still , both Livshits and Mikityuk conceive Google should patch its official product , the Chrome web browser app .
Widevine is currently used in more than2 billion devicesworldwide and is the same digital right management technology used in Firefox and Opera browsers . Safari and Internet Explorer , however , use different DRM technology . Whether Google ever patches the exploit remain to be seen , but if story has taught us anything , it ’s unlikely that this will be the last meter Hollywood has to fend off digital buccaneer .
Update 2:35 p.m. : Google has released the following financial statement :
“ We appreciate the researchers ’ paper and we ’re examining it closely . Chrome has long been an open - root undertaking and developer have been able to produce their own version of the internet browser that , for example , may utilize a dissimilar CDM or admit modified CDM rendering way . The Chrome browser app , however , is required to protect compress video and does so . ”
[ Wired ]
Daily Newsletter
Get the best technical school , science , and culture intelligence in your inbox daily .
news show from the future tense , delivered to your present .
You May Also Like
