David Livshits from the Cyber Security Research Center at Ben-Gurion University in Israel and Alexandra Mikityuk with Telekom Innovation Laboratories in Berlin, Germany have found that the implementation of Widevine EME/CDM technology that is used to stream encrypted video was lacking and enabled downloading of the video. According to Wired, the two researchers informed Google of this bug already in May but it hasn't yet been patched.
This not only works with Netflix but many of its competitors, like HBO. The researchers will not reveal the details to the bug before 90 days has passed since they told Google about it. Google still has time to issue a fix before pirate jump all over this security hole. The researchers have though released a brief video showcasing the vulnerability.
Google has acknowledged that the bug exists and says that it's working on fixing the problem. The vulnerability might also be found on other Chromium based browsers which include for example Opera.
Written by: Matti Vähäkainu @ 25 Jun 2016 15:21