Feeds

Intel confirms HDCP copy-protection crack

That's torn it

Beginner's guide to SSL certificates

Intel has confirmed Blu-ray HDCP encryption is cracked after admitting a leaked master key is the real deal.

High-bandwidth Digital Content Protection (HDCP) copy protection technology is designed to protect high-definition video content as it travels across digital interfaces. The technology was developed by Digital Content Protection, a subsidiary of Intel, and licensed to HDTV, set-top boxes and Blueray disk manufacturers and the like.

A leaked key, now confirmed as genuine, was published online on Tuesday via Pastebin, and quickly spread around the web. The master key creates a mechanism to strip the encryption from, for example, a HD satellite TV broadcast and a DVR, at least in theory. The availability of a master key effectively renders the key revocation feature built into HDCP impotent.

Tom Waldrop, a spokesman for Intel, confirmed that the leaked key works as advertised, although practical hacks would be hard if not impossible to achieve.

"What we have confirmed through testing is that you can derive keys for devices from this published material that do work with the keys produced by our security technology," Waldrop told FoxNews, adding: "This circumvention does appear to work."

Intel reckons that someone exploiting the hack would need to build a device that ignores HDCP copy protection, with a specialist chip. Software hacks would simply be too slow.

The chip giant is keen to reassure the entertainment industry that the situation is under control. "HDCP remains an effective component for protecting digital entertainment," Waldrop said. "It relies on these licensing agreements to ensure that implementations are done appropriately, and there are legal enforcement methods available for cases where it is done inappropriately."

The volume of HD content already available for download via torrents provides ample evidence that pirates are already available to lift content from Blueray discs. Nonetheless the circumvention of HDCP is still noteworthy for both cryptologists and the entertainment industry because it involves a break in the core technology used to protect HD content, rather than its circumvention on individual titles or discs. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.