back to article Cryptographers crack system for verifying digital images

Cryptographers have cracked software used to verify that images taken with Canon cameras haven't been altered. Russian password-cracking company ElcomSoft said on Tuesday that it's able to extract the original signing key from the Canon Original Data Security Kit and use it to validate fake photos. Canon has billed the service …

COMMENTS

This topic is closed for new posts.
  1. Aremmes
    FAIL

    NIH syndrome strikes again

    So the requirements say that a method to asymmetrically authenticate a message is needed. There are several digital signature algorithms available, many within reach of a Google search. What do we do? We'll ignore decades of crypto research and invent our own signing algorithm, of course.

    1. This post has been deleted by its author

  2. Andy 68
    Thumb Up

    Oh come on.....

    A cracking/hacking/security outfit with a sense of humour?

    That's got to be a first, and loudly applauded!

    1. Anonymous Coward
      Joke

      they did it for the lulz

      Ooh, I can think of one other one:

      What about Goatse security? (Gaping Holes Exposed)

  3. Anonymous Coward
    Anonymous Coward

    Ouch

    Wouldn't like to have just spent £1000 or whatever they fleece people for to buy the program that authenticates photos.

    Canon's meerkating people should put a positive spin on this by releasing new firmware updates for its cameras that removes the feature but only claims in the changelogs to have 'streamlined file format options to lengthen battery life'.

  4. Ef'd
    Heart

    Russians

    "The Russian company mocked the system by posting doctored photos authenticated by the system purporting to show Russian cosmonauts landing on the moon ahead of US astronauts and Joseph Stalin brandishing an iPhone."

    Gotta love them.

    1. Anonymous Coward
      Anonymous Coward

      Re: Russians

      As you may remember, one of Elcomsoft's own was jailed for a while in the US because Adobe's DRM got broken and they used the DMCA to jail the guy:

      http://en.wikipedia.org/wiki/Dmitry_Sklyarov

      So, rubbing faces in it isn't so inappropriate, really.

  5. Anonymous Coward
    Anonymous Coward

    pics on the link

    Excellent fun mockups, but for me the statue of liberty with a sickel is purest win. Great to see such humour!

  6. Anonymous Coward
    FAIL

    It can't work no matter how much crypto they use, can it ?

    Even if they get the crypo right and the camera is tamper proof so that the signing key can't be extracted and the camera can't be fooled as to the time or its location, what's to stop me displaying a doctored ufo pic on a big screen in the back of my van, traveling to the correct location and there taking a picture of the screen ?

    So long as the screen has much better pixel count and colour depth than the camera, it should be possible to transform the displayed image so as to totally control each pixel on the image that the camera takes, not so ?

    1. Anonymous Coward
      Anonymous Coward

      As that Famous Saying Goes...

      "The camera never lies..."

      "...only the photographer"

      (the last half is often forgotten)

    2. Grease Monkey Silver badge

      Screen?

      "So long as the screen has much better pixel count and colour depth than the camera"

      And where are you going to find a screen that meets those criteria then?

      1. Tom 13

        It may be expensive, but it is certainly doable.

        Essentially that's how many of the effects for B5 were done, except they found the trick of putting a mirror between the image to be captured and the camera. Apparently the defects inherent in the mirror introduce sufficient change from the sharp lines of a computer so the images look more realistic. I think I read in a Reg article comment somewhere that that was actually an old spy trick.

    3. Hugh McIntyre

      Re: It can't work no matter how much crypto they use, can it ?

      Probably in that case the metadata is going to show a focus distance of a few feet ahead of the camera, not infinity as you would expect for a UFO in the sky, which may be a giveaway.

      This is even if you could make your high resolution/color depth screen projection beat the camera's ability to detect, which seems unlikely in practice even though you might think it possible in theory.

      1. Dave Bell
        Boffin

        Close-up Lens

        Photographers have been doing this for a really long time.

        OK, if the focus mechanism uses a sensor which doesn't look through the lens, life gets complicated, but all you need to do is hold a magnifying glass in front of the camera lens.

  7. KitD
    Coat

    Strictly speaking ...

    I believe they are cryptanalysts. Cryptographers do the encrypting.

    Sorry. Coat. Get

  8. John Smith 19 Gold badge
    Joke

    Another great win for security by obscurity

    Or perhaps not.

  9. Elmer Phud
    Thumb Up

    pwnd

    well and truly taken to the cleaners

    I'm not sure which is the best picture - the iPhone or the Statue of Liberty

    (icon needed for 'laughed my tits off')

  10. The BigYin
    Joke

    This is not a problem

    Breaking crypto is against the law.

    So no one should do it.

    Every employee at ElcomSoft involved should now be in the gulag.

    What do you mean "That's not how the world works"?

    Tell that to the MAFIAA and their DMCA fanatics

  11. Anonymous Coward
    Anonymous Coward

    previous work in this area

    70% of the information is already there :

    see end of section 2.4.2 in http://lclevy.free.fr/cr2/

  12. This post has been deleted by its author

This topic is closed for new posts.

Other stories you might like