Tip Us Hey you, we are hiring! Join us if you are an author, developer or designer!

Google's Widevine L3 DRM platform for video streaming claimed to be cracked

03 January 2019 2

Google's Widevine is the most widely used digital rights management (DRM) platform on Android smartphones and tablets. It is available in different levels (L1, L2, and L3) and helps streaming services allow users to stream or download their favorite content while preventing piracy. And now, a security researcher David Buchanan has claimed to have cracked Widevine L3 DRM.

Buchanan made the claim via his Twitter profile where he mentioned that it took him only "a few evenings of work" to crack Widevine L3 successfully. It means he was able to get access to the L3-protected content, decrypt the same, and play it via any other media player available out there.

In his tweets, he did not go into much details regarding how he was able to get past the DRM protection. Although, he does mention that "Whitebox AES-128 implementation is vulnerable to the well-studied DFA attack, which can be used to recover the original key."

It is also unknown whether Buchanan already told Google about the exploit or not. But he did tweet that he does not see this as a bug but as a flaw in the DRM design. He suggested that even though it can be made more resistant to DFA attacks with the help of more obfuscation, it would result in slowing down of the performance.

It should be noted that even though Widevine L3 is used by almost all major streaming service providers like Netflix, Amazon Prime Video, Hulu, and Hotstar; it supports only sub-HD resolution videos. For streaming HD or higher resolution videos, these services make use of Widevine L1 DRM which is way more secure and harder to crack. Google or any of the service providers are yet to comment on the claim but we will keep you updated if they do.


2

comments

Google's Widevine L3 DRM platform for video streaming claimed to be cracked
Write a comment...
Market

Apple acquires Intel's smartphone modem business for $1B to focus on 5G

Samsung

Samsung confirms 'fixed' Galaxy Fold launch for September

Google

Pixel 4 facial recognition tech under testing; leak suggests hands gestures too

Android

How to use FaceApp's old-age filter if the app is showing error