Researchers conduct successful MITM attack on HDCP copy protection
Researchers at the Secure Hardware Group at Germany's Ruhr University of Bochum, led by professor Tim Güneysu, have used a man-in-the-middle (MITM) attack to crack the copy protection system used by HDMI ports with relatively little effort. HDCP (High-bandwidth Digital Content Protection) was developed by Intel and is used to carry out the encrypted transfer of video signals via DVI, HDMI, DisplayPort and other connectors.
Although an HDCP master key, which forms the core element of the encryption system, was leaked in 2010, using it to build an HDCP-capable chip is, according to Güneysu, extremely complicated and expensive. Instead, together with PhD student Benno Lomb, he developed a standalone hardware solution based on a relatively inexpensive FPGA board, specifically Digilent's Atlys board, which has a Xilinx Spartan-6 FPGA containing the requisite HDMI port and a serial RS232 communication port.
According to Güneysu, the study was never about devising a way to make illegal copies. "Our intention was rather to investigate the fundamental security of HDCP systems and to measure the actual financial outlay for a complete knockout. The fact that we were able to achieve this in the context of a PhD thesis and using materials costing just €200 is not a ringing endorsement of the security of the current HDCP system," noted Güneysu. The cost given is what students would have to pay for the board; the regular list price is $350 (£225).
The man-in-the-middle attack, in which a middleman (the Atlys FPGA board) is able to modify all communications between a Blu-ray player and a flat screen TV without being detected, is, however, of no great practical use for pirates. It can easily be used to burn films from Blu-ray discs, but receivers which can deliver HDTV recordings are already available – and they provide the data in compressed form. In contrast, recording directly from an HDMI port results in a large amount of data.
Furthermore, boxes capable of removing HDCP from a digital audio/video stream have been available since shortly after HDMI was first launched. The manufacturers of these boxes simply got hold of official receiver chips intended for use in displays.