Author: J. Alex Halderman
-
Amazon’s MP3 Store Wisely Forgoes Watermarks
Last week Amazon.com launched a DRM-free music store. It sells tracks from two major labels and many independents in the unprotected MP3 file format. In addition to being DRM-free, Amazon’s songs are not individually watermarked. This is an important step forward for the music industry. Some content companies see individualized watermarks as a consumer-friendly alternative…
-
AACS Updated, Broken Again
[Other posts in this series] We predicted in past posts that AACS, the encryption system intended to protect HD-DVD and Blu-ray movies, would suffer a gradual meltdown from its inability to respond quickly enough to attacks. Like most DRM, AACS depends on the secrecy of encryption keys built into hardware and software players. An attacker…
-
AACS: A Tale of Three Keys
[Previous posts in this series: 1, 2, 3, 4, 5, 6, 7.] This week brings further developments in the gradual meltdown of AACS (the encryption scheme used for HD-DVD and Blu-Ray discs). Last Sunday, a member of the Doom9 forum, writing under the pseudonym Arnezami, managed to extract a “processing key” from an HD-DVD player…
-
Diebold Shows How to Make Your Own Voting Machine Key
By now it should be clear that Diebold’s AccuVote-TS electronic voting machines have lousy security. Our study last fall showed that malicious software running on the machines can invisibly alter votes, and that this software can be installed in under a minute by inserting a new memory card into the side of the machine. The…
-
AACS: Game Theory of Blacklisting
[Posts in this series: 1, 2, 3, 4, 5, 6, 7.] This is the fourth post in our series on AACS, the encryption scheme used for HD-DVD and Blu-Ray discs. We’ve already discussed how it’s possible to reverse engineer an AACS-compatible player to extract its secret set of device keys. With these device keys you…
-
AACS: Blacklisting, Oracles, and Traitor Tracing
[Posts in this series: 1, 2, 3, 4, 5, 6, 7.] This is the third post in our discussion of AACS, the encryption scheme used for HD-DVD and Blu-Ray discs. Yesterday Ed explained how it is possible to reverse-engineer a player to learn its secret device keys. With the device keys, you can extract the…
-
CD DRM: Attacks on Disc Recognition
Ed and I are working on an academic paper, “Lessons from the Sony CD DRM Episode”, which will analyze several not-yet-discussed aspects of the XCP and MediaMax CD copy protection technologies, and will try to put the Sony CD episode in context and draw lessons for the future. We’ll post the complete paper here next…
-
Make Your Own Copy-Protected CD with Passive Protection
Here’s a great gift idea just in time for the holidays: Make your friends and relatives their very own copy-protected CDs using the same industrial-grade passive protection technology built into XCP and Macrovision discs. Passive protection exploits subtle differences between the way computers read CDs and the way ordinary CD players do. By changing the…
-
Hidden Feature in Sony DRM Uses Open Source Code to Add Apple DRM
For weeks, the blogosphere has been abuzz with tales of intrigue about Sony’s XCP copy protection system. Among the strangest revelations was that XCP itself infringes on the copyrights to several open source software projects. In one case, Sam Hocevar found conclusive evidence that part of XCP’s code was copied from a program called DRMS,…
-
MediaMax Permanently Installs and Runs Unwanted Software, Even If User Declines EULA
In an earlier post I described how MediaMax, a CD DRM system used by Sony-BMG and other record labels, behaves like spyware. (MediaMax is not the same as XCP, the technology that Sony-BMG has recalled; Sony-BMG is still shipping MediaMax discs.) MediaMax phones home whenever you play a protected CD, automatically installs over 12 MB…