HDCP gets a man-in-the-middle hack

Researchers at Ruhr University of Bochum in Germany have successfully deployed a man-in-the-middle (MITM) attack to crack the copy protection system used by HDMI ports.

HDCP – or High-bandwidth Digital Content Protection – was developed by Intel. The standard is used for the encrypted transfer of video signals via DVI, HDMI, DisplayPort and other connectors.

Although an HDCP master key was leaked in 2010, using it to design an HDCP-capable chip is quite complicated as well as expensive, and therefore somewhat impractical. 

As such, the researchers decided to try a different approach by developing a standalone hardware platform based on Digilent’s Atlys FPGA board.

“The study was never about devising a way to make illegal copies. Our intention was rather to investigate the fundamental security of HDCP systems and to measure the actual financial outlay for a complete knockout,” Professor Tim Güneysu told Heise Online.

“The fact that we were able to achieve this in the context of a PhD thesis and using materials costing just €200 is not a ringing endorsement of the security of the current HDCP system.”

According to Güneysu, the MITM attack is capable of modifying all communications between a Blu-ray player and a flat screen TV without being detected. 

However, the researcher claimed that recording huge amounts of uncompressed data directly from an HDMI port is of “little practical use” for pirates – even though the MITM platform can be used to easily burn film from Blu-ray discs.