Adam Gowdiak of AG Security Research has identified vulnerabilities in Microsoft‘s PlayReady technology, which could allow rogue subscribers to download movies illegally from streaming services. PlayReady is employed by many popular platforms such as Canal+, Netflix, HBO Max, and Amazon Prime Video to protect digital content. The vulnerabilities specifically exploit the Protected Media Path (PMP) and Warbird compiler technologies in Windows, enabling access to plaintext content keys through relatively straightforward XOR operations. Gowdiak’s research, conducted over several months, shows how these keys can be used to decrypt and download content directly, bypassing traditional DRM protections.
The implications of these vulnerabilities are significant, as they affect a wide array of streaming services globally. Gowdiak demonstrated his ability to download movies from Canal+ and extract a content key for a Netflix movie, suggesting that the technique could potentially be used against other services. Despite this, the details of the exploit have not been made publicly available, primarily due to Gowdiak’s dissatisfaction with Microsoft’s handling of previous security disclosures. Instead, Gowdiak has expressed interest in a commercial agreement to disclose the details to Microsoft, indicating the potential value and impact of his findings.
Microsoft has responded to the issue, acknowledging the impact on a subset of content protected by their software-based DRM solutions and is working with partners to address the vulnerabilities. Meanwhile, Amazon Prime Video, after being notified of the potential risk, reported the issue to Microsoft for further investigation but has not observed any misuse of the technique against its platform as yet. This cautious approach highlights the ongoing challenges in ensuring the robustness of digital rights management systems against increasingly sophisticated attacks.
