Hack Widevine L3, the DRM of Google that uses services like Netflix or HBO

Hack Widevine L3, the DRM of Google that uses services like Netflix or HBOWidevine is the DRM (Digital Rights Management, better known as anti-copy system) of Google. It is used by various platforms, such as Netflix or HBO, to protect the copyright of its content. Well, this DRM in its L3 mode, which is the least secure, has been hacked.

It was the cybersecurity researcher David Buchanan who, through his Twitter account, communicated the feat. According to Buchanan, the Whitebox AES-128 implementation of the DRM is vulnerable to a DFA attack (differential fault analysis).

Basically, this attack consists of introducing unexpected conditionals in cryptographic systems (such as a DRM) to reveal internal states and extract information. In this case, the extracted is the encryption key.

Once this is done, the MPEG-CENC file (MPEG Common Encryption) of Netflix or HBO can be decrypted in a completely readable and storable .ffmpeg file, thus violating the security measures and allowing access to the content. That is what Buchanan says, although he has not provided convincing evidence of this.

An error that “can not be fixed”

Widevine, like DRM, has three levels: L1, L2, and L3, although Android uses only the first and the last. When a smartphone has implemented Google Widevine L1, the videos (movies and series of Netflix, HBO, Amazon Prime Video, etc.), are processed under the TEE (Trusted Execution Environment), which is a few words is an environment that concerns the processor and security.

When a terminal opts for Widevine L3, it means that it does not have access to the necessary hardware to encrypt and process the videos in a secure manner, so streaming services reduce the resolution of streaming. Widevine L1 is much safer than Widevine L3, which is the one that has been hacked and has not yet managed to be harmed.

Widevine L1 is the safest level of DRM and has not yet been able to be compromised

Buchanan considers that Widevine L3 is “broken by default at the design level”, so “it can not be fixed”. Security can be improved, he says, but that would imply a reduction in terminal performance. We do not know if you have reported your achievement to Google before making it public, but considering that you ask please do not report it, it seems that the answer is negative.

Google, for its part, has not yet made a statement about it. You can check the DRM level of your device using DRM Info, a free app that you can download on Google Play.