HDCP gets a man-in-the-middle hack

Posted by Trent Nouveau

Researchers at Ruhr University of Bochum in Germany have successfully deployed a man-in-the-middle (MITM) attack to crack the copy protection system used by HDMI ports.

HDCP - or High-bandwidth Digital Content Protection - was developed by Intel. The standard is used for the encrypted transfer of video signals via DVI, HDMI, DisplayPort and other connectors.

HDCP gets a man-in-the-middle hackAlthough an HDCP master key was leaked in 2010, using it to design an HDCP-capable chip is quite complicated as well as expensive, and therefore somewhat impractical. 

As such, the researchers decided to try a different approach by developing a standalone hardware platform based on Digilent's Atlys FPGA board.

"The study was never about devising a way to make illegal copies. Our intention was rather to investigate the fundamental security of HDCP systems and to measure the actual financial outlay for a complete knockout," Professor Tim Güneysu told Heise Online.

"The fact that we were able to achieve this in the context of a PhD thesis and using materials costing just €200 is not a ringing endorsement of the security of the current HDCP system."

According to Güneysu, the MITM attack is capable of modifying all communications between a Blu-ray player and a flat screen TV without being detected. 

However, the researcher claimed that recording huge amounts of uncompressed data directly from an HDMI port is of "little practical use" for pirates - even though the MITM platform can be used to easily burn film from Blu-ray discs.