Intel Loses DRM Protection With Encryption Key Leak


Score one for the hackers after Intel admitted that its High Definition Content Protection (HDCP) encryption key, used to safeguard its set-top boxes such as Blu-ray and DVD players, was leaked earlier this week.

The leaked key passed quickly around the Web after being published online. Intel spokesman Tom Waldrop confirmed to Fox News Thursday that the published HDCP code appears to be a master key, but said that turning the encryption key leak into profiteering would be more difficult to achieve.

The encryption technology was actually developed by a subsidiary of Intel, Digital Content Protection, which licenses it to HDTV and other digital device manufacturers.

The leak could have dire consequences for the giant chip maker. Specifically, HDCP prevents hackers and copyright thugs from pirating video content on HD devices such as TVs, Blu-ray players and DVDs. Digital rights management software, such as HDCP, is required to prevent copyrighted material from being illegally copied, where it could potentially fall into the wrong hands.

A master key unlocking the HDCP encryption code would essentially give hackers the keys to the kingdom by rendering DRM protections useless. The hack potentially opens up the floodgates for pirates to access Intel's DRM content by removing the encryption incorporated in DVR and other devices, allowing them to replicate any kind of protected HD content.

Some industry analysts say that the leak could indicate a barrage of pirated HD content -- minus the DRM technology -- sold on black and gray markets down the road.

However, at least one solution provider contends that it's unlikely that the leak will lead to widespread pirating.

"This is a pretty arcane issue. I doubt most end users will see any changes or impact to this key leakage," said Andrew Plato, president of Anitian Enterprise Security, a Beaverton, Ore.-based security VAR. "To Intel, it’s a pretty embarrassing event. However, it’s one thing to leak a key, it’s a whole different thing to actually use it and crank out illegal copies of protected content. It also demonstrates the most salient point about encryption -- it’s not the technology, it’s the key management that really matters. No matter how sophisticated an encryption scheme is, if you steal the master keys, the entire system is broken."

Perhaps ironically, Intel has been further investing in the security space with the acquisition of No. 2 security company McAfee in August. While McAfee, which made its name selling anti-virus and endpoint security, does sell an endpoint encryption product, the company does not specialize in a wide breadth of encryption technologies.

The monster security acquisition led some to speculate whether Intel planned more security-related acquisitions down the road.

Plato said that the incident didn’t necessarily indicate an encryption technology failing. As such, it was doubtful that Intel would look to add an encryption vendor any time soon, he said.

"The idea is to implement a system with a sufficiently complex key and then protect that key. Intel either did not protect that key, or somebody just dedicated enough resources to mathematically derive the key from encrypted content," Plato said. "If it’s the latter, then there really isn’t anything Intel did or could have done, other than implement a different system that did not rely on one, single master key."