Hackers now have the keys to the high-def DVD kingdom, leading to serious concerns about the security of DVD player software and the content it is designed to protect on new Blu-ray and HD DVD media.
According to the Advanced Access Content System (AACS) Licensing Authority -- the alliance of motion picture studios and technology companies responsible for the encryption system used to protect Blu-ray and HD DVD content -- hackers have illegally obtained "title keys," also called encryption keys, and used them to decrypt high-definition DVDs.
Hackers have posted the stolen keys on sites such as hdkeys.com for copying and downloading -- allowing anyone to have unauthorized access to the contents of a disc. Whenever a key is made public, it essentially gives people an all-access pass to a decryption free-for-all.
Security experts say one problem is that HD DVD and Blu-ray discs can be played on a PC , which is too insecure a platform to keep AACS safe.
"The title keys that are used to decrypt the movies will reside somewhere in the PC's memory -- it's just a matter of finding them," explained Adrian Kingsley-Hughes, author of Internet blog PC Doctor. "Sure, programmers can try to be sneaky, but this will only slow down a determined hacker. It's not going to stop them."
The publication of the title keys comes about a month after notorious hacker Muslix64 first cracked the encryption system used by the next-gen DVDs, leading industry experts to believe the cracks will continue. Ed Felten, professor of computer science at Princeton University, said he believes we're in a situation that's not going away.
"What the music industry found was that everything they tried to do to prevent infringing, didn't work," he said. And while movie files are larger than music files -- making them more laborious to copy and download -- what's troubling is the rate at which the attacks occur, he noted.
Kingsley-Hughes said there isn't much the studios can do. Developers involved in creating software players for HD DVD and Blu-ray will no doubt be paying more attention to keeping title keys more secure, but all this does is buy them time. "Studios can change the title keys, but that doesn't help," he said. "One compromised disc is all it takes -- and that movie can be available on [file-sharing networks] in a matter of hours."
Felton said he believes the AACS is not entirely helpless, noting that the organization has developed new ways for the software to hide the encryption keys. But he compared the relationship between the hackers and the AACS to a kind of "arms race." "It's an unfavorable arms race," he said. "In the end we'll continue to see the publication of keys, and people will be able to decrypt these disks."
The AACS Licensing Authority includes such industry heavyweights as Sony, Toshiba, IBM, Warner Bros., and Panasonic .