AACS Confirms Hacks on High-def DVD Players
ARTICLE DATE: 01.26.07

By Reuters , eWEEK
A consortium of movie studios and technology companies backing the encryption system for high-definition DVDs on Thursday confirmed that hackers have stolen "title keys" and used them to decrypt high-definition DVDs through flaws in DVD player software.

Both the title keys and a number of decrypted films have been posted on peer-to-peer Web sites for downloading and copying, a spokesman for the Advanced Access Content System (AACS) Licensing Authority said.


The large size of the files and the high cost of writable hi-def discs make large-scale copying of high-definition DVDs impractical, but the attacks on the new format echo the early days of illegal trafficking in music files, AACS spokesman Michael Ayers said on Thursday.

"We want to make sure we address this now. It has a potentially limited impact now but some sobering possibilities," Ayers said.

The hackers did not attack the AACS system itself, but stole the keys as they were exchanged between the DVD and the player to strip the encryption from the film.

A large-scale failure of AACS could be a threat to the $24 billion DVD industry, which has started to cool and was counting on next-generation DVD sales to reinvigorate it.

The hackers obtained the keys from "one or more" player applications but AACS would not identify them or say whether their AACS licensing would be revoked.



"We certainly have not ruled out any particular response and we will take whatever action is appropriate," Ayers said.

The security breach affects both of the high-definition DVD formats—Sony Corp's Blu-Ray and Toshiba's HD DVD, Ayers said.

The confirmation of the attack comes about a month after a hacker called Muslix64 described in an online posting how he defeated the encryption system by using DVD player software.

AACS LA founders include IBM Corp, Intel Corp, Microsoft Corp, Panasonic, Sony Corp, Toshiba Corp, the Walt Disney Co, and Warner Bros Studios, a unit of Time Warner Inc.

Copyright (c) 2007 Ziff Davis Media Inc. All Rights Reserved.

Hilarios! All the Preachers out there!

http://www.pcmag.com/article2/0,1895,2087733,00.asp

Please change your thread title. The article does not state HD DVD. It states High Def DVD. And right in your quoting:

The security breach affects both of the high-definition DVD formats—Sony Corp's Blu-Ray and Toshiba's HD DVD, Ayers said.


Your thread title is highly misleading.

Please change your thread title. The article does not state HD DVD. It states High Def DVD. And right in your quoting:



Your thread title is highly misleading.

I agree. If the OP doesn't change the title I request a mod please change the title to something some accurate.

Every single title released to date for both HD DVD and Bluray are vulnerable. Every title that is released until the device keys are revoked and new software issued will be vulnerable.

While HD DVD is confirmed to be "hacked", doesn't Blue ray has another level of protection?

While it seems that BD+ hacks are likely to follow, I am not sure it is "confirmed".

I think the title is correct when printed. Only HD DVD is "confirmed" to be hacked at that point.

I think you guys are just over sensitive sometimes.

Ben

There are no BD+ enabled titles. BD+ is still not finalized. Blu-Ray is confirmed as being hacked. We aren't sensitive, we are just being factual.

While HD DVD is confirmed to be "hacked", doesn't Blue ray has another level of protection?

While it seems that BD+ hacks are likely to follow, I am not sure it is "confirmed".

I think the title is correct when printed. Only HD DVD is "confirmed" to be hacked at that point.

I think you guys are just over sensitive sometimes.

Ben
No, you're just not informed. The announcement on the official AACS website says this hack isn't exclusive to either format, there is a BackupBluray application available for download, as many BD keys as HD-DVD keys have been posted, and as many ripped BDs available for download as HD-DVDs. Suffice to say, this thread title is highly misleading. :rolleyes:

http://www.aacsla.com/home

Latest News:

RESPONSE TO REPORTS OF ATTACKS ON AACS TECHNOLOGY

January 24, 2007

AACS LA has confirmed that AACS Title Keys have appeared on public web sites without authorization. Such unauthorized disclosures indicate an attack on one or more players sold by AACS licensees. This development is limited to the compromise of specific implementations, and does not represent an attack on the AACS system itself, nor is it exclusive to any particular format. Instead it illustrates the need for all AACS licensees to follow the Compliance and Robustness Rules set forth in the AACS license agreements to help ensure that product implementations are not compromised. AACS LA employs both technical and legal measures to deal with attacks such as this one, and AACS LA is using all appropriate remedies at its disposal to address the attack.

Someone Should Change The Title, Please!

While HD DVD is confirmed to be "hacked", doesn't Blue ray has another level of protection?

While it seems that BD+ hacks are likely to follow, I am not sure it is "confirmed".

I think the title is correct when printed. Only HD DVD is "confirmed" to be hacked at that point.

I think you guys are just over sensitive sometimes.

Ben

Well since logic doesn't matter how about we change the title too "Blueray hacked and will cease to be format. HD DVD continues to win." Sound good?

No? Maybe because that would be a misleading title. The point is the AACS LA announcement names both formats are being circumvented. Neither have been directly hacked. Both have had their security bypassed due to failures on the part of the software player's poor design. Both formats are equally affected by this issue.

Right now on doom9 forum (search google - not sure of avs policy on this) there are title keys for BOTH HD DVD titles and BD titles. Only reason HD DVD was affected first is the high cost associated with BD drives made it take longer before hackers had access tot he neccessary hardware.

I demand this thread titlle be changed immediately.

AACS Confirms Hacks [..]
ARTICLE DATE: 01.26.07

And only a month after muslix posted his source code... It's good to see organisations can be so nimble.

And only a month after muslix posted his source code... It's good to see organizations can be so nimble.No doubt......

Many have said these types of breaches in AACS will end up being a cat and mouse type thing. So far, the mice seem to be much more nimble than the cats.

So this will probably continue for a while. Instead on 'cat and mouse,' I think its going to look more like a game of 'whack a mole.' Muslix64 and others will keep doing what they're doing, releasing dozens of keys every time there is a breach. What no one seems to be talking about are the more sophisticated hackers out there, like, say, the DVD Jon's of the world. They will be the ones who will bust AACS wide open for good. Each new stockpile of working keys will make their job much easier.

Its only a matter of time, and muslix64 an co seem to be pushing the clock forward. AACS will crumble sooner rather than later.

And only a month after muslix posted his source code... It's good to see organisations can be so nimble.

We (AACS) have confirmed that the attack is not format-specific. Both Blu-ray and HD DVD title keys have been published, and AACS has confirmed that one or more of them are accurate.

The delay in making a statement is due to many factors, including the fact that we must confirm and reproduce the attack in a documented, independent way. There are many (and will be many more) rumors of attacks, and the group needs to be methodical and accurate.

Also, please keep in mind the PR response is not necessarily the highest priority in responding to an attack.

Also, please keep in mind the PR response is not necessarily the highest priority in responding to an attack.

Good to see you here.

Is there anything you can say about what options AACS has in terms of technical response in order to defeat this hack ? Also can you share any reaction from the studios about this attack ?

Both formats will be hacked so what is the point in arguing about it?

While HD DVD is confirmed to be "hacked", doesn't Blue ray has another level of protection?

While it seems that BD+ hacks are likely to follow, I am not sure it is "confirmed".

I think the title is correct when printed. Only HD DVD is "confirmed" to be hacked at that point.

I think you guys are just over sensitive sometimes.

Ben

How about going to the trouble of actually reading the article! It makes clear that BOTH formats have been ripped!

Good to see you here.

Is there anything you can say about what options AACS has in terms of technical response in order to defeat this hack ? Also can you share any reaction from the studios about this attack ?

In addition, is there any intention of allowing legitimate owners to back up their legally purchased discs?