Widevine’s end-to-end approach to encrypting copyrighted content and preventing piracy is actually quite secure, according to researchers at Fidus Information Security, who developed the PoC. Level 1 is the most secure, where all content processing and cryptography operations are handled inside a Trusted Execution Environment (TEE); and, Widevine is incorporated into a display via a secured path like HDCP. And in Level 3, which Fidus researchers were able to crack, Widevine is used to decrypt streams using the device’s CPU rather than inside the secure TEE, after which the decrypted stream is sent to the display unprotected. The CDM handles getting the license keys from the Widevine license server, before the content is decrypted and displayed, using Arxan to obfuscate the communication with the server. These content keys are then used by the CDM to decrypt the content, which the user can then view.