BGU Researchers Discover Google Chrome Vulnerability
BGU Researchers Discover Google Chrome Vulnerability
June 24, 2016
Homeland & Cyber Security, Press Releases
A security vulnerability in Google technology that is supposed to protect videos streamed via Google Chrome has been discovered by researchers from the Ben-Gurion University of the Negev Cyber Security Research Center (CSRC) in collaboration with a security researcher from Telekom Innovation Laboratories in Berlin, Germany.
The Ben-Gurion University. Google Vulnerability Video demonstration video shows how easily content can be stolen from a protected video. Piracy costs studios $6.1 billion annually, according to the Motion Picture Association of America.
The vulnerability in the encryption technology, Widevine EME/CDM, opens an easy way for attackers to hijack protected content delivered via different popular streaming services, making the unprotected content available for illegal distribution. DRM (Digital Rights Management) is a technology that aims to protect copyrighted content from theft and illegal distribution. CDM (Content Decryption Module) is a browser component that controls playback of DRM protected content including decryption. EME (Encrypted Media Extensions) is an HTML5 API that provides a communication channel between the browser and the CDM.
David Livshits, a security researcher and a PhD student at the CSRC under the supervision of Dr. Asaf Shabtai, has developed an attack proof-of-concept that is able to save a decrypted version of any streamed content protected by Google Widevine DRM and played via Google Chrome on a computer’s disk drive.
The proof-of-concept has been tested successfully and consistently on different recent versions of Google Chrome in combination with Netflix streaming services as well as Amazon TV.
“The simplicity of stealing protected content with our approach poses a serious risk for Hollywood, which relies on such technologies to protect their assets,” says Livshits.
The attack proof-of-concept can be bundled in an executable file and can be installed on any computer with Google Chrome to achieve its goals. The proof-of-concept as well as the vulnerability details have been reported to Google’s security team, and the researchers are assisting in the process of plugging the vulnerability and making sure the problem is solved as soon as possible.
“A CDM that uses the TEE, Trusted Execution Environment, is a new approach for protecting content and this is another step in making it more secure,” says Alexandra Mikityuk of Telekom Innovation Labs in Berlin, who also serves as Security in Telecommunications (SECT) chair at the Technical University of Munich.
“We are adhering to Google’s Project Zero responsible disclosure policy and we will release the details of the vulnerability when a fix will be provided to users to prevent malicious usage of the POC prior to the availability of proper protection,” said Dr. Shabtai.
“We hope that disclosure of this vulnerability will urge other DRM vendors to re-evaluate the security of their products and provide additional layers of defense,” says Dr. Rami Puzis, a researcher at the BGU CSRC and a lecturer in the Department of Information Systems Engineering.
The BGU CSRC is managed by Prof. Yuval Elovici, a member of Ben-Gurion University’s Department of Information Systems Engineering and director of the Deutsche Telekom Laboratories at Ben-Gurion University of the Negev. The CSRC is a collaboration between the University and Israel’s National Cyber Bureau, focusing on advanced cyber security topics.
“Evaluating the security of content protection technologies, as well as devising proper defense strategies is a core competency at the BGU CSRC,” says Dudu Mimran, chief technology officer.
ABOUT AMERICANS FOR BEN-GURION UNIVERSITY
By supporting a world-class academic institution that not only nurtures the Negev, but also shares its expertise locally and globally, Americans for Ben-Gurion University engages a community of Americans who are committed to improving the world. David Ben-Gurion envisioned that Israel’s future would be forged in the Negev. The cutting-edge research carried out at Ben-Gurion University drives that vision by sustaining a desert Silicon Valley, with the “Stanford of the Negev” at its center. The Americans for Ben-Gurion University movement supports a 21st century unifying vision for Israel by rallying around BGU’s remarkable work and role as an apolitical beacon of light in the Negev desert.
About Ben-Gurion University of the Negev
Ben-Gurion University of the Negev embraces the endless potential we have as individuals and as a commonality to adapt and to thrive in changing environments. Inspired by our location in the desert, we aim to discover, to create, and to develop solutions to dynamic challenges, to pose questions that have yet to be asked, and to push beyond the boundaries of the commonly accepted and possible.
We are proud to be a central force for inclusion, diversity and innovation in Israel, and we strive to extend the Negev’s potential and our entrepreneurial spirit throughout the world. For example, the multi-disciplinary School for Sustainability and Climate Change at BGU leverages over 50 years of expertise on living and thriving in the desert into scalable solutions for people everywhere.
BGU at a glance:
20,000 students | 800 senior faculty | 3 campuses | 6 faculties: humanities & social sciences, health sciences, engineering sciences, natural sciences, business & management, and desert research.
For all press inquiries, please contact:
James Fattal, J Cubed Communications
516.289.1496
Stories Like This
