HDCP/HDMI security: virus comes to HD TV

High Definition Multimedia Interface - HDMI (for HDCP)As we are interested into the HDCP/HDMI technology that the manufacturers are preparing for a wide distribution, we start finding a few amazing facts.

We had seen previously that HDCP was a technology doomed to fail in front of the attacks by the media pirates, but there is already worse (for the legal users).

Rightly, the designers of this technology have imagined the possibility for pirates to build valid keys (secret codes, if you want) or for the keys from some companies or devices to fall in the hands of a pirate. What is there left in that case? This is very simple, they said. Just let’s have a way to revoke rogue HDCP keys.

As a matter of fact, HD-DVD wil include lists of known rogue keys that need to be revoked (they are considered as false keys, pirate keys, and should not be allowed to keep working with legit devices). Just read the DVD and your DVD player will learn that the device it sends image/video to is no longer allowed to receive them (despite the presence of good/valid keys). The DVD player will thus stop working with this peripheral device.

If you did a little hack, if you connected a PC with a hacked peripheral to pirate, copy, backup, store DVD video images, this is just fair. Too bad for you…

But, the means to distribute revocation lists appear to be quite flexible and numerous: a DVD, a TV-HD broadcast (through the TV set top box), Internet, etc. You already see where this is leading, I guess. We won’t wait long before a hacker writes a virus or a worm able to revoke valid keys from this company or that device family. A fairly interesting view: Suddenly, Sony TV sets (Author’s note: Why did I chose Sony !?!) will no longer be able to see HD-TV broadcasts after playing a bogus DVD or because a guy with nothing best to do will have distributed a set of revocation codes on the TV-over-IP network.

But even this will not be fun enough, there will be more problems when hackers will start using the keys/codes taken from a famous company. If a hacker includes the Sony keys (Author’s note: again?), the choice will be between accepting the pirate/rogue devices or revoke all Sony keys (then the Sony customers will see thousands of TV sets stopping operation to protect the interests of the system). Some will say that Sony earned the kick-in-the-butt, some will say that this brand’s customers do not deserve it.

But will all this bring a real service to the consumer or some more inconveniences for the legit customer from the techology forced upon her by the producers and manufacturers?