Feeds

Intel confirms HDCP copy-protection crack

That's torn it

Beginner's guide to SSL certificates

Intel has confirmed Blu-ray HDCP encryption is cracked after admitting a leaked master key is the real deal.

High-bandwidth Digital Content Protection (HDCP) copy protection technology is designed to protect high-definition video content as it travels across digital interfaces. The technology was developed by Digital Content Protection, a subsidiary of Intel, and licensed to HDTV, set-top boxes and Blueray disk manufacturers and the like.

A leaked key, now confirmed as genuine, was published online on Tuesday via Pastebin, and quickly spread around the web. The master key creates a mechanism to strip the encryption from, for example, a HD satellite TV broadcast and a DVR, at least in theory. The availability of a master key effectively renders the key revocation feature built into HDCP impotent.

Tom Waldrop, a spokesman for Intel, confirmed that the leaked key works as advertised, although practical hacks would be hard if not impossible to achieve.

"What we have confirmed through testing is that you can derive keys for devices from this published material that do work with the keys produced by our security technology," Waldrop told FoxNews, adding: "This circumvention does appear to work."

Intel reckons that someone exploiting the hack would need to build a device that ignores HDCP copy protection, with a specialist chip. Software hacks would simply be too slow.

The chip giant is keen to reassure the entertainment industry that the situation is under control. "HDCP remains an effective component for protecting digital entertainment," Waldrop said. "It relies on these licensing agreements to ensure that implementations are done appropriately, and there are legal enforcement methods available for cases where it is done inappropriately."

The volume of HD content already available for download via torrents provides ample evidence that pirates are already available to lift content from Blueray discs. Nonetheless the circumvention of HDCP is still noteworthy for both cryptologists and the entertainment industry because it involves a break in the core technology used to protect HD content, rather than its circumvention on individual titles or discs. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
SMASH the Bash bug! Red Hat, Apple scramble for patch batches
'Applying multiple security updates is extremely difficult'
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Desperate VXers enslave FREEZERS in DDoS bot
Updated Spike malware targets Asia
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.