How gizmo maker's hack outflanked copyright trolls

Chumby NeTV: A triumph for mankind


When the master encryption key locking down millions of Blu-ray players and set-top boxes was mysteriously leaked last year, Hollywood moguls worried their precious high-definition movies would face a new flurry of piracy.

Instead, it spawned the Chumby NeTV, a tiny, Wi-Fi-connected box that sits between a television and a set-top box or DVD player so email alerts, Tweets and other internet content are scrolled across the bottom of the screen – all without interrupting the flow of the video.

Making the NeTV break into the encrypted video stream passing through an HDMI cable required the elite hacking skills of Bunnie Huang, an engineer and co-founder of Chumby, the maker of net-connected alarm clocks that display weather forecasts, news headlines, and other internet content. Using the leaked master key at the heart of the HDCP, or high-bandwidth digital content protection, encryption scheme to modify the content was clever enough. Doing it without violating draconian copyright laws was nothing short of brilliant.

picture of Chumby NeTV

The Chumby NeTV in all its glory

That's because HDCP was created by Intel for the express purpose of thwarting piracy by restricting access to video passing between set-top boxes and TVs. It establishes a secret key that's unique to each pair of devices, creating a barrier for would-be pirates out to capture and copy the high-definition content. Tampering with this scheme runs the risk of violating the Digital Millennium Copyright Act, a law that carries stiff criminal and civil penalties for circumventing technology intended to prevent access to copyrighted material.

Ignorance is bliss

Faced with the challenge of crashing the party that only HDCP-compliant devices can join without running afoul of the DMCA, Huang employed the leaked master key in a way that allows the Chumby NeTV to use the shared secret key to inject Tweets and other content into the encrypted stream without decrypting the restricted video. His device intentionally remains oblivious to the protected work, a distinction he believes keeps it from violating the law's anti-circumvention provisions.

“It's important to note that nowhere in the pipelines is the video data decrypted,” Huang wrote in an email to The Register. “We don't use the master key to break any locks, or circumvent any copyright protection. We use it to enable interoperability and we do so without ever decrypting the source data: encrypted pixels are just replaced with different encrypted pixels.”

Huang's claims have been confirmed by two experts.

“What's interesting here is that although the device does have the keys needed to do decryption, it isn't actually doing that,” Keith Irwin, a professor of computer science at Winston-Salem State University in North Carolina, wrote in an email. “A conceptually simple means of modifying encrypted video would be to have the NeTV decrypt the video signal from the video device, modify it, then re-encrypt it. However, this isn't what the NeTV does.”

Cryptographer Nate Lawson, who heads the Root Labs security consultancy, has analyzed the open-source code that runs the NeTV and provides an analysis here.

Similar topics

Broader topics


Other stories you might like

  • Protecting data now as the quantum era approaches
    Startup QuSecure is the latest vendor to jump into the field with its as-a-service offering

    Analysis Startup QuSecure will this week introduce a service aimed at addressing how to safeguard cybersecurity once quantum computing renders current public key encryption technologies vulnerable.

    It's unclear when quantum computers will easily crack classical crypto – estimates range from three to five years to never – but conventional wisdom is that now's the time to start preparing to ensure data remains encrypted.

    A growing list of established vendors like IBM and Google and smaller startups – Quantum Xchange and Quantinuum, among others – have worked on this for several years. QuSecure, which is launching this week after three years in stealth mode, will offer a fully managed service approach with QuProtect, which is designed to not only secure data now against conventional threats but also against future attacks from nation-states and bad actors leveraging quantum systems.

    Continue reading
  • Cheers ransomware hits VMware ESXi systems
    Now we can say extortionware has jumped the shark

    Another ransomware strain is targeting VMware ESXi servers, which have been the focus of extortionists and other miscreants in recent months.

    ESXi, a bare-metal hypervisor used by a broad range of organizations throughout the world, has become the target of such ransomware families as LockBit, Hive, and RansomEXX. The ubiquitous use of the technology, and the size of some companies that use it has made it an efficient way for crooks to infect large numbers of virtualized systems and connected devices and equipment, according to researchers with Trend Micro.

    "ESXi is widely used in enterprise settings for server virtualization," Trend Micro noted in a write-up this week. "It is therefore a popular target for ransomware attacks … Compromising ESXi servers has been a scheme used by some notorious cybercriminal groups because it is a means to swiftly spread the ransomware to many devices."

    Continue reading
  • Europe proposes tackling child abuse by killing privacy, strong encryption
    If we're gonna go through this again, can we just literally go back in time?

    Proposed European regulations that purport to curb child abuse by imposing mass surveillance would be a "disaster" for digital privacy and strong encryption, say cybersecurity experts.

    A number of options have been put forward for lawmakers to mull that aim to encourage or ensure online service providers and messaging apps tackle the "detection, removal, and reporting of previously-known and new child sexual abuse material and grooming."

    These options range from voluntary detection and reporting of child sexual abuse material (CSAM) and grooming, to legally mandating that service providers find and report such material using whatever detection technology they wish — essentially scanning all private communications and, if necessary, breaking end-to-end (E2E) encryption for everyone.

    Continue reading

Biting the hand that feeds IT © 1998–2022