Want to watch Netflix for free? Now you can! (If you’re savvy.)
Security researchers have just discovered a major vulnerability in the Chrome browser that allows users to download streaming content from major distributors like Netflix and Amazon Prime.
These services have thousands of movies and shows available for streaming at a price, however, this Chrome security bug allows Chrome users to get around its copy protection system and get this content right away.
The researchers stated: “The simplicity of stealing protected content with our approach poses a serious risk for Hollywood which rely on such technology to protect their assets.”
This is a new bug that was just discovered last month. Google is well-alerted of the issue but has not issued or announced any sort of bug patch.
Last updated: 1/8/19.
So is Google allowing this free Netflix hack?
The bug is based on the Widevine digital rights management system (DRM) which is owned and operated by Google. It’s built into Chrome and it’s basically an engine that processes protected media streams, such as those of Netflix and Amazon Video. This engine uses two pieces of data to enforce protection- an encrypted media extension which handles security key exchanges, and a content decryption module, which unscrambles these protected videos so they can be watched in the Chrome browser.
The security researchers found out that users can obtain access to the unprotected movie file before it’s played in the browser with software. Users can download these movies and keep them without paying for Netflix or Amazon services.
What’s Google going to do about it?
The caveat is that the security researchers have not disclosed how to access this vulnerability, and can’t do so until three months after Google is alerted. Google allows a minimum so that their own in-house security researchers can give these third-party vendors to fix bugs Google finds before the bugs are mentioned to the public. This isn’t to let everyone know that you can hack Netflix, but rather let users know there’s a bug going around for information. Not a step-by-step guide on getting these movies for free.
The only thing available to the public besides news like this article is this video, released by the research team:
A Google spokesperson stated that the company is examining the issue, but didn’t announce any patches to fix it. Apparently, the bug isn’t only in the Chrome browser, but rather any browser built on the same source code (Chromium).
“Chrome has long been an open-source project and developers have been able to create their own versions of the browser that, for example, may use a different CRM or included midfield CDM rendering paths” stated the spokesperson.
Update: This hack came out to the public and was recently abused. It’s then been patched and shouldn’t work anymore. This means no more free Netflix.
Google Chrome and piracy
Google can fix the issue, but it would be difficult (but also possible) for Netflix and Amazon to go their own code and try to block these bugs. However, even if Google patches it, a skilled developer can simply release a previous version of Chrome without the patch and distribute it.
Firefox and Opera also use the Widevine DRM, but they haven’t been tested for the bug.
Other than Chrome OS, this bug doesn’t seem to be apparent on any other browser. If you’re a user, you could’ve gotten your favorite movies and shows for free. It’s no longer accessible as of now. It’s been patched. Bummer.