Feeds

Intel confirms HDCP copy-protection crack

That's torn it

Internet Security Threat Report 2014

Intel has confirmed Blu-ray HDCP encryption is cracked after admitting a leaked master key is the real deal.

High-bandwidth Digital Content Protection (HDCP) copy protection technology is designed to protect high-definition video content as it travels across digital interfaces. The technology was developed by Digital Content Protection, a subsidiary of Intel, and licensed to HDTV, set-top boxes and Blueray disk manufacturers and the like.

A leaked key, now confirmed as genuine, was published online on Tuesday via Pastebin, and quickly spread around the web. The master key creates a mechanism to strip the encryption from, for example, a HD satellite TV broadcast and a DVR, at least in theory. The availability of a master key effectively renders the key revocation feature built into HDCP impotent.

Tom Waldrop, a spokesman for Intel, confirmed that the leaked key works as advertised, although practical hacks would be hard if not impossible to achieve.

"What we have confirmed through testing is that you can derive keys for devices from this published material that do work with the keys produced by our security technology," Waldrop told FoxNews, adding: "This circumvention does appear to work."

Intel reckons that someone exploiting the hack would need to build a device that ignores HDCP copy protection, with a specialist chip. Software hacks would simply be too slow.

The chip giant is keen to reassure the entertainment industry that the situation is under control. "HDCP remains an effective component for protecting digital entertainment," Waldrop said. "It relies on these licensing agreements to ensure that implementations are done appropriately, and there are legal enforcement methods available for cases where it is done inappropriately."

The volume of HD content already available for download via torrents provides ample evidence that pirates are already available to lift content from Blueray discs. Nonetheless the circumvention of HDCP is still noteworthy for both cryptologists and the entertainment industry because it involves a break in the core technology used to protect HD content, rather than its circumvention on individual titles or discs. ®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.