DRM (Digital Rights Management) Software Hack: Lessons Learned

Declaring any technology as 100% secure is a very dangerous statement to make, especially when the security in question is protecting something of value. Value attracts attackers, hackers and fraudsters like nothing else.

I have been listening to industry commentators discussing 5G and the range of services and technologies that it will enable with a degree of unease. Whilst standards and security recommendations are still being written, how can they make these statements?

This is my experience of securing a new technology. I grew up in an era where portable music players and content were protected by DRM (Digital Rights Management) Software. My experience with one of the more popular manufacturers taught me lots about securing services and also the types of attackers you can encounter.

The music service I will describe was based on 4 main components, a physical music player, licensed media content, a web store and a content library. The player, content, store and library were all well protected and secured. The system was “closed” so only official content could be purchased and played on the device. So, what happened?

A well-known hacker team had taken exception to the “closed” system and made it their mission to open the system up to be able to play content on any device or to play content you already owned. They focused their attention on the music player itself and set out to evade the DRM software. Working as a team they were able to functionally decompose the software structure, patch the DRM and distribute new software releases that essentially turned the DRM software off.

The hacker team took great delight in releasing the hack weeks, days or even hours after new upgrades to the player software was released. As an attacking team they had very skilled engineers, resources and ambition. What they were doing was maybe political in nature, free software ethics, maybe a little bit of pride in the skills they were demonstrating. They were hard to protect against with standard software technology.

However.

The defence was to actually turn their own customers against them. A security solution was deployed, essentially code obfuscation combined with multiple code structure variance. By distributing hundreds of functionally identical software updates, each with their own code functional structure, the complexity of being able to break the DRM was increased and it created a “Russian Roulette” game for the customers. If they found a hack for one device, they had a 1-in-100 chance of it working on a different device. The wrong patch killed the device, so it was an expensive mistake for a customer!

The threat cycle was broken, a simple fix didn’t work, customers were not happy their device broke. Job done, victory to the security guys? The hackers’ website changed to come back later for a new software version – coming soon! It never did.

The hacker team did something next that was logical and well-reasoned, but took the manufacturer by surprise. They attacked the DRM on the media content, song MP3s were being stripped of their protection. They did it fast as well, almost like they had the code ready and waiting and were choosing their moment to show their hand. The game of chess would continue. I didn’t see the final justification however a new announcement was made to the market soon afterwards saying the manufacturer was opening up the platform and everything would be DRM free!

I think this is the same scenario we can expect in 5G services. Attackers with specific goals will use the path of least resistance to evade security measures. When one path is protected, we need to expect that they will immediately change to another approach that is likely pre-prepared. This means that security needs to be agile and react to how threats develop. If you are contemplating a 5G based service, I urge you to consider how your service, network and users/devices can be protected, and how that protection can be enhanced in the face of motivated and well-funded attacker. Don’t just play it by ear!

Check out our recent white paper Securing the Path from 4G to 5G, where we share our intelligence on the journey to secure 5G core networks. This white paper is the first of its kind detailing the migration scenarios that mobile operators could be faced with when deploying 5G networks and how to protect mobile networks and subscribers during the migration. Vulnerable 5G core networks will come under attack, and attackers are at their strongest while we’re looking the other way; as the complexities of migration are dealt with, security must not be overlooked.

Download the Securing the Path from 4G to 5G White paper here.