Google Chrome Bug Makes It Easy to Download DRM Protected Movies From Netflix and Amazon Prime
If you have been salivating at the great choice of movies on Netflix and Amazon Prime, now is you chance to download these mouth watering movies from the two movie portals without any fear of DRM or piracy. No this is not stealing but exploiting a bug that was discovered by a team of researchers from Israel and Germany.
A team of researchers from Israel and Germany have discovered a bug in Google Chrome that allows users to download any movie played through the browser’s DRM technology. Google Chrome uses a DRM component called Widevine which encrypts video content sent from premium services to the users’ browsers. Google’s Widevine DRM is used to play premium content from services like Netflix, YouTube Red, or Amazon Prime. The researchers say they identified a bug in Chrome’s Widevine implementation that allows them to intercept the video content while in transit from the Widevine module to the browser’s video player.
The vulnerability, first reported by Wired, takes advantage of the Widevine EME/CDM technology that Google Chrome uses to stream encrypted video from content providers. Researchers David Livshits from the Cyber Security Research Center at Ben-Gurion University and Alexandra Mikityuk of Telekom Innovation Laboratories discovered a way to hijack streaming video from the decryption module in the Chrome browser after content has been sent from services like Netflix or Amazon Prime.
During the encryption process the Widevine DRM technology saves the premium subscriber only videos in an unprotected area of the computer’s memory. The team of researchers created an application that extracts this data and then saves it to disk without having to worry about digital rights.
Once they have downloaded and saved the videos/content, they can share it without worries about piracy as the content is directly sourced from Netflix, Amazon Prime or YouTube Red.
Google has acknowledge the bug with Chrome and said that it is not specific to Chrome, but to the entire Chromium project, meaning other browsers which used Chromium are affected as well. Safari, Firefox, IE and Edge are not affected by the bug as use different DRM modules.
The researchers have stated that forcing Widevine encryption process in a separate container like Trusted Execution Environment (TEE) inside the computer’s memory would fix the bug. However, as of now the flaw remains unpatched with the patch expected in next Chromium/Google Chrome release.
Netflix has reportedly decided to allow its users to download the movies they like to negate the effects of the bug, while Amazon is yet to comment on it.