Feeds

back to article Cryptographers crack system for verifying digital images

Cryptographers have cracked software used to verify that images taken with Canon cameras haven't been altered. Russian password-cracking company ElcomSoft said on Tuesday that it's able to extract the original signing key from the Canon Original Data Security Kit and use it to validate fake photos. Canon has billed the service …

COMMENTS

This topic is closed for new posts.
FAIL

NIH syndrome strikes again

So the requirements say that a method to asymmetrically authenticate a message is needed. There are several digital signature algorithms available, many within reach of a Google search. What do we do? We'll ignore decades of crypto research and invent our own signing algorithm, of course.

2
0
Bronze badge

method to asymmetrically authenticate a message

AIUI, the private key has to be accessible during signing, right? So it's in the camera.

2
0
Thumb Up

Oh come on.....

A cracking/hacking/security outfit with a sense of humour?

That's got to be a first, and loudly applauded!

19
0
Joke

they did it for the lulz

Ooh, I can think of one other one:

What about Goatse security? (Gaping Holes Exposed)

1
0
Anonymous Coward

Ouch

Wouldn't like to have just spent £1000 or whatever they fleece people for to buy the program that authenticates photos.

Canon's meerkating people should put a positive spin on this by releasing new firmware updates for its cameras that removes the feature but only claims in the changelogs to have 'streamlined file format options to lengthen battery life'.

2
1
Heart

Russians

"The Russian company mocked the system by posting doctored photos authenticated by the system purporting to show Russian cosmonauts landing on the moon ahead of US astronauts and Joseph Stalin brandishing an iPhone."

Gotta love them.

6
0
Anonymous Coward

Re: Russians

As you may remember, one of Elcomsoft's own was jailed for a while in the US because Adobe's DRM got broken and they used the DMCA to jail the guy:

http://en.wikipedia.org/wiki/Dmitry_Sklyarov

So, rubbing faces in it isn't so inappropriate, really.

3
0
Anonymous Coward

pics on the link

Excellent fun mockups, but for me the statue of liberty with a sickel is purest win. Great to see such humour!

3
0
FAIL

It can't work no matter how much crypto they use, can it ?

Even if they get the crypo right and the camera is tamper proof so that the signing key can't be extracted and the camera can't be fooled as to the time or its location, what's to stop me displaying a doctored ufo pic on a big screen in the back of my van, traveling to the correct location and there taking a picture of the screen ?

So long as the screen has much better pixel count and colour depth than the camera, it should be possible to transform the displayed image so as to totally control each pixel on the image that the camera takes, not so ?

0
0
Anonymous Coward

As that Famous Saying Goes...

"The camera never lies..."

"...only the photographer"

(the last half is often forgotten)

1
0
Bronze badge

Screen?

"So long as the screen has much better pixel count and colour depth than the camera"

And where are you going to find a screen that meets those criteria then?

0
0

Re: It can't work no matter how much crypto they use, can it ?

Probably in that case the metadata is going to show a focus distance of a few feet ahead of the camera, not infinity as you would expect for a UFO in the sky, which may be a giveaway.

This is even if you could make your high resolution/color depth screen projection beat the camera's ability to detect, which seems unlikely in practice even though you might think it possible in theory.

0
0
Silver badge

It may be expensive, but it is certainly doable.

Essentially that's how many of the effects for B5 were done, except they found the trick of putting a mirror between the image to be captured and the camera. Apparently the defects inherent in the mirror introduce sufficient change from the sharp lines of a computer so the images look more realistic. I think I read in a Reg article comment somewhere that that was actually an old spy trick.

0
0
Bronze badge
Boffin

Close-up Lens

Photographers have been doing this for a really long time.

OK, if the focus mechanism uses a sensor which doesn't look through the lens, life gets complicated, but all you need to do is hold a magnifying glass in front of the camera lens.

0
0
Coat

Strictly speaking ...

I believe they are cryptanalysts. Cryptographers do the encrypting.

Sorry. Coat. Get

0
0
Gold badge
Joke

Another great win for security by obscurity

Or perhaps not.

0
0
Silver badge
Thumb Up

pwnd

well and truly taken to the cleaners

I'm not sure which is the best picture - the iPhone or the Statue of Liberty

(icon needed for 'laughed my tits off')

0
0
Silver badge
Joke

This is not a problem

Breaking crypto is against the law.

So no one should do it.

Every employee at ElcomSoft involved should now be in the gulag.

What do you mean "That's not how the world works"?

Tell that to the MAFIAA and their DMCA fanatics

2
0
Anonymous Coward

previous work in this area

70% of the information is already there :

see end of section 2.4.2 in http://lclevy.free.fr/cr2/

0
0

This post has been deleted by its author

This topic is closed for new posts.