The availability of an application that removes copy protection from Windows Media files has prompted BSkyB to temporarily suspend its movie download service. It demonstrates the vulnerability of services that rely on software-based digital rights management.

A computer program called FairUse4WM posted on the web removes digital rights management protection from Windows Media files that use an individualised key to tie media to a particular computer.

Microsoft Windows Media copy protection compromised by FairUse4WM application

The program provides a graphic interface to an earlier programme that was used to crack Windows Media 10 and extends its capabilities to the latest version 11 files.

The tool claims that it extracts the decryption keys from Windows Media Player “for the purpose of allowing the user to improve the interoperability of legitimately acquired media files”.

Microsoft says it is aware of the problem and has issued its partners with an update to address the issue.

“Microsoft has long stated that no DRM system is impervious to circumvention — a position our content partners are aware of as well,” a Microsoft representative said in a statement. “That is why we designed the Windows Media DRM system to be renewable, so that if such events occur the system can be refreshed to address them.”

This latest breach of the digital rights management system apparently allowed users to remove any protection from files downloaded by many music sites. This presents a serious threat to subscription services that provide unlimited access to music for a monthly fee.

The exploit comes as Microsoft is preparing to launch its Zune media player to compete with the Apple iPod.

BSkyB advised its Sky by Broadband customers that it was temporarily suspending access to the movies available on its download service. A message on its web site said: “In order to make an essential update to the Sky by broadband security system, we are sorry that access to all movies and some sports content has been temporarily suspended”.

Pay-television operators such as Sky have generally used hardware based encryption schemes in their set-top boxes to secure access to their programming.

Dr Abe Peled, the chief executive of NDS, a leading provider of such encryption technology to operators including Sky, appeared unsurprised by the attack on the Microsoft digital rights management technology. At a lunch with analysts and journalists he referred to it as a “lucky break”.

Lucky or not, it has implications for providers that plan to rely on Microsoft digital rights management to secure their services. That includes BT Vision with its forthcoming broadband video platform and the BBC with its planned iPlayer.

It is generally accepted that a software system can never be completely secure, but it can be rapidly updated in the event that it is compromised. Microsoft has generally persuaded rights owners of the adequacy of its digital rights management system, which has been generally considered relatively secure and has been central to the successful adoption of its Windows Media format.

The use of digital rights management has frustrated many users that consider it too restrictive. The irony is that the majority of digital media, including free-to-air television and radio, DVDs and compact discs can be copied relatively easily.

By relying on digital rights management to secure programming and protect their business models, service providers remain open to such threats. They are then obliged to suspend their services, rather than accept that ultimately all media can be copied.

www.microsoft.com
www.sky.com