(LiveHacking.Com) – Security researchers have broken the High-bandwidth Digital Content Protection (HDCP) system used on HD devices (such as Blu-ray) with HDMI ports to protect digital video sent to TVs and monitors against unauthorized copying.
Using a man-in-the-middle (or in this case a computer board in the middle), Prof. Dr.-Ing Tim Güneysu of the Secure Hardware Group at Germany’s Ruhr University of Bochum, has found a way to connect any non-compliant monitor (which would include devices able to record the video) to a HDCP protected video source.
To do the decoding the professor and his students used a low-cost Digilent’s Atlys Development Board with a Xilinx Spartan-6 LX45 FPGA. The board has all the necessary connectors for video input and output. The total setup cost no more than $250.
“We developed an independent hardware solution instead, based on a cheap FPGA board” explained Prof. Dr.-Ing. Tim Güneysu, who set to work with the final year student Benno Lomb. “We were able to tap the HDCP encrypted data streams, decipher them and send the digital content to an unprotected screen via a corresponding HDMI 1.3-compatible receiver.”
The result is that the team can now:
- Successfully connect any non-compliant monitor to a HDCP protected video source
- Extract all secret session keys established during authentication
- Decrypt single-link video streams with a resolution of 720p or 1080i in real-time.
This man-in-the-middle attack is of little interest for pirates as there are simplier ways to “rip” a Blu-Ray disc. However Prof. Güneysu does see a real threat to security-critical systems, for example at authorities or in the military.
Although Intel is already offering a new security system, HDCP 2.0, but since it is backward compatibile, the weak point will also remain a problem in coming years.