Researchers find bug in Google Chrome that enables illegal copying of streaming moviesMumbai, June27(AZINS) News of shutting down sources of illegally distributed movies--torrent sites, for example--are an everyday occurrence these days. With the proliferation of broadband and the surprisingly easy access to such sources of content, the movie and television industry are at constant loggerheads with content pirates.

A technology called DRM (Digital Rights Management) has been long-since used in the creation of digital content to protect it from illegal access outside of its prescribed sources of viewing. Some form of this technology is used in virtually every streaming video service, Netflix for example, that enables only official subscribers to access content.

But recently, a pair of researchers uncovered a bug in the way this DRM is implemented by Google’s Chrome browser, that actually enables streaming video from services like Netflix and Amazon Prime to be illegally saved to a computer. David Livshits from the Cyber Security Research Center at Ben-Gurion University in Israel and Alexandra Mikityuk who is with the Telekom Innovation Laboratories in Berlin, Germany, discovered this vulnerability and even created a proof-of-concept file that exploits this loophole. They released a video to demonstrate this exploit working.

The video (minus any sound) shows a streaming file being progressively saved to a target computer even while it is playing.

The researchers located a flaw in the manner in which Google uses the Widevine EME/CDM technology that their Chrome browser uses to stream DRM protected video. They reached out to Google informing them of the hack, who curiously responded stating that the technology is also used in other open source browsers based on their Chromium browser project, falling short of stating whether or not they would plug this security leak.

Over 2 billion devices use this Widevide technology to play protected content, but it is not certain how many of these streaming platforms have been compromised as the researchers only focused on the Chrome browser in this case.