If HDMI screen rips aren’t good enough for you pirates, DeCENC is another way to beat web video DRM


September 12, 2024 at 03:29AM

The Common Encryption Scheme (CENC), used by video-streaming platforms like Amazon and Netflix, is revealed to have vulnerabilities. Security researcher David Buchanan’s DeCENC attack can bypass CENC protection, allowing for the capturing, replaying, and spreading of streamed media, posing concerns for commercial streaming platforms. Nevertheless, other simpler techniques also exist for unauthorized copying.

There are concerns about the effectiveness of the Common Encryption Scheme (CENC) as DRM protection for online video streams. Security researcher David Buchanan has identified vulnerabilities within CENC, notably through a proof-of-concept decryption attack known as DeCENC. The attack could potentially bypass CENC protection and exfiltrate decrypted video data, which is a concern for commercial streaming platforms such as Amazon Prime, Netflix, Hulu, and YouTube.

While DeCENC is highlighted as a plausible attack technique, Buchanan also notes that easier and more practical methods exist for ripping streamed media. He points to simpler CENC-bypassing techniques, including capturing content from a screen and digitally recording the HDMI port. Buchanan emphasizes the need to address authentication in encryption, and highlights the complexity and non-public nature of the technical documents associated with CENC as factors that could lead to exploitable gaps.

Furthermore, he suggests improving the accessibility of specifications like CENC, which are currently behind a paywall, to benefit security research. Buchanan also argues that the International Organization for Standardization (ISO) should reconsider this approach. ISO’s response to this concern is not immediately available.

CENC has noteworthy security implications, and the vulnerabilities highlighted by Buchanan call for a careful evaluation of the current approach to protecting streamed media content. Companies using CENC should consider these findings when enhancing the security of their platforms.
