It was big news last September when the HDCP master key leaked out, but no one's done much with it; you'd need to build an entirely new chip to really use it. But researchers at Germany's Ruhr University took a different path and cracked the ubiquitous system with clever programming and just $250 of commercial gear. The researchers devised an ingenious "man-in-the-middle" attack using their own code and an off-the-shelf Digilent Atlys circuit board, allowing them to connect any non-HDCP-enabled monitor to an HDCP-protected source, lift the secret encryption keys established during authentication, and decrypt video streams in real time.
HDCP has already been bypassed in other ways by pirates who can easily tap compressed HD content from receivers, but this attack directly intercepts uncompressed HDCP content. Lead researcher Tim Güneysu says the study was never about creating a way to make illegal copies, but instead to investigate the fundamental security of Intel's encryption. He says "the fact that we were able to achieve this in the context of a PhD thesis and using materials costing just €200 is not a ringing endorsement of the security of the current HDCP system." In the meantime, HDCP continues to bother only a single group of people: those who buy stuff legally.