If you build it, the hackers will come. And come out in droves they have, joining forces to continue assaulting the Advanced Access Content System. >Doom9's forums have been abuzz with news about the ongoing attacks on the AACS copy protection of Blu-ray and HD DVD movie discs.
Hollywood is most certainly in a tizzy. After all, the first successful attack struck in less than a year. The AACS License Administrator, also known as AACS LA , carefully calls such efforts attacks, not hacks, since the security system itself hasn't been cracked. I'd posit that the current methods of attaining keys exploit one hole in the AACS ecosystem, effectively rendering AACS compromised.
Princeton computer science student Alex Halderman, who is observing the AACS situation with researcher Ed Felten, has gone so far as declaring that recent events mark "the first step in the meltdown of AACS."
To recap the short history of this saga: Back in December a hacker going by the moniker Muslix64 posted a workaround, first for HD DVD and then for Blu-ray, on a Doom9 forum. The workaround involved capturing the AACS title key on a movie disc by using a PC- or Xbox-based drive and a PC software player (the only two currently shipping: Corel's InterVideo WinDVD and CyberLink).
By late January the proverbial genie was out of the bottle: AACS title keys, which communicate with the hardware encryption key, appeared on the Web. And software that simplified decrypting title keys -- AnyHDDVD and AnyBluray were the first -- surfaced on the Web too.
AACS LA confirmed the attacks in February, but didn't announce its plan of action until the beginning of this month.
The organization's response was the expected one: It revoked the existing license keys for the affected players and introduced new keys. This is the process by which AACS can respond to an attack, often referred to in industry jargon as "self-healing."
The update affects only PC software players from CyberLink and Corel that can play Blu-ray and HD DVD movie content. Affected players must be updated before they can continue playing high-definition movie discs. Corel issued its update late last week, just before the AACS announcement.
No sooner had the virtual ink on the update announcement barely dried, though, when the Doom9 forum turned ablaze with information on circumventing the newly released Corel InterVideo WinDVD update.
The new workaround has been confirmed on Doom9 with a Toshiba-built Microsoft Xbox 360 HD DVD Player and the updated InterVideo WinDVD software. AACS LA spokesperson Michael Ayers says that the organization is aware of this latest breach and investigating, and that the group will take "appropriate action" based on the findings.