• Home
  • The Tech Tin About Us
  • Contact Us
  • Privacy Policy

The Tech Tin

The Best In Tech

  • New Technology
  • Cool Gadgets
  • Latest Tech & Gadgets
  • Tech & Gadget Reviews
  • Tech & Gadget News
  • Gadgets Shop

Google Takes Down Repositories That Circumvent its Widevine DRM

Leave a Comment

widevine logoWith more ways to stream online video than ever before, protecting video continues to be a key issue for copyright holders.

This is often achieved through Digital Rights Management, which is often referred to by the initials DRM. In a nutshell, DRM is an anti-piracy tool that dictates when and where digital content can be accessed.

Google is an important player in this area. The company owns the Widevine DRM technology which is used by many of the largest streaming services including Amazon, Netflix and Disney+. As such, keeping it secure is vital.

Widevine DRM

Widevine DRM comes in different levels. The L1 variant is the most secure, followed by L2 and L3. While the latter still protects content from being easily downloaded, it’s certainly not impossible to bypass, as pirates have repeatedly shown.

Despite its vulnerabilities, Google doesn’t want to make it too easy for the public at large. This became apparent a few hours ago when the company asked the developer platform GitHub to remove dozens of “Widevine L3 Decryptor” repositories.

The code, originally published by security researcher Tomer Hadad, is a proof-of-concept code Chrome extension that shows how easy it is to bypass the low-security DRM. Google was aware of this vulnerability and previously informed Krebs Security that it would address the issue.

Google Targets Widevine L3 Decryptor Code

One option would be to patch the security flaw but, for now, Google appears to be focusing on the takedown route. In a DMCA notice sent to GitHub, the company requests the immediate takedown of dozens of “Widevine L3 Decryptor” copies.

“The following git repository [sic] contain circumvention technology that enables users to illegally access video and audio works protected by copyright,” Google writes.

“This Chrome extension demonstrates how it’s possible to bypass Widevine DRM by hijacking calls to the browser’s Encrypted Media Extensions (EME) and decrypting all Widevine content keys transferred – effectively turning it into a clearkey DRM,” Google adds.

Google sees the code, which was explicitly published for educational purposes only, as a circumvention tool. As such, it allegedly violates section 1201 of the DMCA, an allegation that was also made against the youtube-dl code last month.

Read  Best kitchen gadgets of 2020 you need to see - Gadget Flow

widevine

The takedown notice includes a long list of repositories that were all made unavailable by GitHub. This doesn’t cover the original code from Tomer Hadad, who already removed his version in late October, citing “legal reasons.”

Google views this vulnerability as a serious matter and the company says that it has also filed a Sensitive Data takedown request to prevent the Widevine’s ‘secret’ private key from being publicly shared.

Sensitive Data Request

“In addition to this request, we have filed a separate Sensitive Data takedown request of this file: /widevine-l3-decryptor as it contains the secret Widevine RSA private key, which was extracted from the Widevine CDM and can be used in other circumvention technologies.”

That last mention is interesting as private keys, which are simply a string of characters, are not seen as copyrighted or private content by everyone.

“If you distribute your key with the software, then whatever form it is in, I would not consider it “private” at all,” a commenter on Hacker News points out.

Googling the AACS Key

This ‘key controversy’ is reminiscent of an issue that was widely debated thirteen years ago. At the time, a hacker leaked the AACS cryptographic key “09 F9” online which prompted the MPAA and AACS LA to issue DMCA takedown requests to sites where it surfaced.

This escalated into a censorship debate when sites started removing articles that referenced the leak, triggering a massive backlash.

At the time, the controversial AACS key was still readily available through Google’s search engine. In that regard very little has changed. Despite Google’s sensitive data takedown request, the Widevine RSA key is easy to find through its own search engine.

From: TF, for the latest news on copyright battles, piracy and more.

  • Facebook
  • Twitter
  • Pinterest

Anime Publisher Asks Google to Wipe Dictionary Page Google Takes No Action for 99.2% of Copyright Notices Targeting Internet Archive GitHub Takes Down Pirate Streaming App ‘King Club’ Following MPA Complaint RIAA Takes Down Popular Open Source YouTube-DL Software

Filed Under: Tech & Gadget News

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Get Your Free Flashlight Here
  • Email
  • Facebook
  • Twitter
  • YouTube

Recent Posts

  • Florida Judge Keeps Questioning Copyright Troll’s IP-address Evidence February 26, 2021
  • 28 of the Best New Gadgets That Dropped in February 2021 – gearpatrol.com February 26, 2021
  • “Grumpy Cat” is Long Gone But Her Copyright Lives On in Court February 26, 2021
  • High Court Orders UK ISPs to Block Stream-Ripping & Cyberlocker Sites February 25, 2021
  • Italian Police Obtain Preventative Seizure Order Targeting 10 ‘Pirate Sites’ February 25, 2021

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 55 other subscribers


Copyright © 2021 · The-Tech-Tin.Com