Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chrome Bug Makes It Easy To Download Movies From Netflix and Amazon Prime

Posted by msmash on from the buggy-software,-worried-companies dept.

A vulnerability found in Chrome by researchers allows people to save copies of movies and TV shows from streaming websites such as Netflix and Amazon Prime. From a Gizmodo report:The vulnerability, first reported by Wired (Editor's note: Wired blocks adblockers), takes advantage of the Widevine EME/CDM technology that Chrome uses to stream encrypted video from content providers. Researchers David Livshits from the Cyber Security Research Center at Ben-Gurion University and Alexandra Mikityuk of Telekom Innovation Laboratories discovered a way to hijack streaming video from the decryption module in the Chrome browser after content has been sent from services like Netflix or Amazon Prime. The researchers created a proof-of-concept (which is currently the only evidence of the exploit) to show how easily they could illegally download streaming video once CDM technology has decrypted it.Google was notified of the bug last month but is yet to patch it.

21 of 128 comments (clear)

  1. This is not a vulnerability by Anonymous Coward · · Score: 5, Insightful

    It's a feature!

  2. DRM the poem by downright · · Score: 5, Funny

    DRM will always fail.
    If it is on a screen or through a speaker
    I can capture and re-feature
    So spend your money and waste your time
    I want media I buy to be mine
    I can watch it on a tv
    I can watch it on a phone
    I can watch it in a car
    I can watch it at home
    I know to this you are appalled
    But any other way and we don't want it at all.
     

    1. Re:DRM the poem by Calydor · · Score: 4, Informative

      He wasn't talking about getting anything for free. He very specifically talks about media that has been bought.

      --
      -=This sig has nothing to do with my comment. Move along now=-
  3. In the Case of Prime by twmcneil · · Score: 3, Interesting

    This should be called a feature. Netflix advertises itself as a streaming service. Amazon Prime claims that you can "own" the movie. Problem is Prime is still just a streaming service. It's false advertising and the reason I don't use Prime for movies. If I "buy" a movie, I expect to be able to d/l to a portable drive so I can watch it when I don't have a data connection. If I subscribe to streaming service, I won't have that expecation.

    --
    "The ferrets, they're every where I tell you!"
    1. Re:In the Case of Prime by Stealth+Dave · · Score: 3, Informative

      Amazon Prime claims that you can "own" the movie. Problem is Prime is still just a streaming service. It's false advertising and the reason I don't use Prime for movies. If I "buy" a movie, I expect to be able to d/l to a portable drive so I can watch it when I don't have a data connection. If I subscribe to streaming service, I won't have that expecation.

      I think you mean Amazon Video, the division that sells content for download and purchase, not Amazon Prime which actually is a streaming service similar to Netflix. However, by this definition, you are buying movies from Amazon Video; not just streaming. Any video content that you purchase from Amazon can be downloaded to your Android or iOS device (including an external microSD Card in the case of the former) with the Amazon Video app for later playback offline; no data connection required. We do this regularly to watch movies from Amazon while on a flight, in a car with no wifi, etc. You can even download Amazon Prime video (which you do not own) and play it offline for a certain period of time, which I believe is 30-45 days from the time of download; quite reasonable for content that you do not own, IMO.

      What you cannot do is play it back on any device with a player of your choice. Amazon Video, just like Apple's iTunes, Google Play, Vudu, UltraViolet partners, etc., places DRM on all content that they sell, and it will only play on authorized devices and software.

      - Stealth Dave

      --
      Evil is as eval("does");
  4. Repeat after me... by kju · · Score: 3, Informative

    DRM does not work. There will always be a way around it.

    1. Re:Repeat after me... by Anonymous Coward · · Score: 2, Funny

      Some people believe that one day they'll figure out how to let you listen to something without you being able to record it, or show you something without you being able to take a picture of it.

  5. Re:Netflix shares to rise by I-am-a-Banana · · Score: 3, Informative

    I am a Netflix subscriber. When I VPN into my work network my computer goes through a US proxy and I get the more featured US Netflix. If tool came out I would love it because I could download the show, and then watch it later through my media player.

  6. Re:Illegally? by NotInHere · · Score: 5, Interesting

    thanks to mpaa and friends, bypassing DRM (even if its for legal purposes!) is illegal. Documenting how to bypass it is illegal too.

    In fact, if you tell google about the "vulnerability", you already commit a crime. Therefore, I think its best that google doesn't fix the "vulnerability", because if they fix it, people will find out about the details of the "vulnerability" by reading the git history, and this means google commits a crime itself.

  7. whut evvar by cellocgw · · Score: 2, Informative

    And nearly all that content can be accessed faster and more easily via kat or piratebay.

    bfd, really

    --
    https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
  8. Or do it the better way... by Lumpy · · Score: 4, Informative

    Netflix Disc subscription... MakeMKV + handbrake. end up with far FAR better quality rips and 100% undetectable by the copyright police.

    --
    Do not look at laser with remaining good eye.
    1. Re:Or do it the better way... by Gr8Apes · · Score: 2

      Honestly, with several hundred discs in my library, I only have Netflix for recent movies I only want to see once, with some others I may have interest in. In the past year I'd say at least 20% of the movies I've gotten have been so bad I didn't even watch the whole thing. I'm suspecting my tolerance for uninspired movies has dropped significantly though. (and no, the twilight series was never in my queue, so you can cross those off the rejection list)

      --
      The cesspool just got a check and balance.
    2. Re:Or do it the better way... by brewthatistrue · · Score: 2

      I found this out only after renting a Blu-Ray from netflix and realizing Windows 8.1 and Windows Media Player didn't come with the ability to play Blu-Ray.

  9. 'illegally download streaming video' by Anonymous Coward · · Score: 2, Insightful

    Yet another headline written by people who don't know how the Internet works.

  10. It's not a bug. It's a feature. by luis_a_espinal · · Score: 3

    Chrome Bug Makes It Easy To Download Movies From Netflix and Amazon Prime

    When it comes to Amazon Prime, I like this bug... err feature. Owning content that can't download? I was a sucker when I bought a few things that I could have gotten on DVD. Never again.

  11. What bug? by Opportunist · · Score: 3

    For the first time ever "it's not a bug, it's a feature" is actually true.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  12. Re:Netflix shares to rise by flyingfsck · · Score: 5, Informative

    For real operating system users:
    ffmpeg -f x11grab -r 25 -s cif -i :0.0 out.mpeg

    For toy operating system users:
    install uscreencapture dshow filter, then ffmpeg -f dshow -i video="UScreenCapture" out.mp4

    You are welcome.

    --
    Excuse me, but please get off my Pennisetum Clandestinum, eh!
  13. Re:Netflix shares to rise by tepples · · Score: 2

    install uscreencapture dshow filter

    Does that even work if a player application that uses Protected Media Path is running?

  14. Then serve ads that don't track people by tepples · · Score: 2

    I don't block ads. I block services that track me across websites. Serve me ads that don't track me across websites, directly from a server whose FQDN ends in .wired.com, and I'll see them. But neither WIRED nor Forbes appears to be smart enough to set this up.

  15. Re:Wired Adblock by Grishnakh · · Score: 2

    Yeah, but in the case of Forbes at least, how is that useful?

    Ever since Forbes implemented that blocker (which I can't get around on my work computer anyway), I find that it's been a positive effect on my web-browsing experience by preventing me from wasting my time and polluting my brain by reading Forbes "articles".

  16. Make the "piracy" slightly inconvenient by Blaskowicz · · Score: 2

    It's all about detering the 80%-90% people just like what Microsoft did with Windows (95, 2000, XP etc.)
    Heck, while Windows was a matter of entering a known CD key or downloading a volume licensed version, the VPN solution for Netflix doubles your monthly bill so you need both technical ability and a willingness to pay.

    Going after the biggest VPNs (e.g. let's say public ones with more than 100 Netflix users) is like Windows activation, sort of a show stopper although it was just one more step that was never intended to stop unlicensed Windows users, just prevent your uncle to install it (given that Internet access made finding a key trivial)

    There's also some "plausable deniability" : pretend you don't know about all the VPNs, but show you do something about the ones you know. Thus the media licenseholders won't make a fuss and slashdot users can access the Netflix, which they pay for.