COMMAND

    HDCP

SYSTEMS AFFECTED

    High-bandwidth Digital Content Protection system

PROBLEM

    There is currently a reported vulnerability in the  High-bandwidth
    Digital  Content  Protection  system  used  by  different hardware
    vendors.   The  vulnerability  was  found  by Niels Ferguson after
    analyizing the system.   However, Niels is  unable to release  the
    vulnerability due to US and soon international laws.  Due to  DMCA
    restrictions in the US his paper describing these  vulnerabilities
    cannot  be  published  so  there  are  no  details  at  this time.
    Background information from Niels is available here:

        http://www.macfergus.com/niels/dmca/index.html

    HDCP is fatally flawed.   His results show that an  experienced IT
    person can  recover the  HDCP master  key in  about 2  weeks using
    four computers  and 50  HDCP displays.   Once you  know the master
    key, you can decrypt any  movie, impersonate any HDCP device,  and
    eve n create new HDCP  devices that will work with  the 'official'
    ones.  This is really, really bad news for a security system.   If
    this master key is ever published, HDCP will provide no protection
    whatsoever.  The flaws in HDCP are not hard to find.

SOLUTION

    Nothing yet.