Cryptographers have cracked software used to verify that images taken with Canon cameras haven't been altered. Russian password-cracking company ElcomSoft said on Tuesday that it's able to extract the original signing key from the Canon Original Data Security Kit and use it to validate fake photos. Canon has billed the service …
NIH syndrome strikes again
So the requirements say that a method to asymmetrically authenticate a message is needed. There are several digital signature algorithms available, many within reach of a Google search. What do we do? We'll ignore decades of crypto research and invent our own signing algorithm, of course.
method to asymmetrically authenticate a message
AIUI, the private key has to be accessible during signing, right? So it's in the camera.
Oh come on.....
A cracking/hacking/security outfit with a sense of humour?
That's got to be a first, and loudly applauded!
they did it for the lulz
Ooh, I can think of one other one:
What about Goatse security? (Gaping Holes Exposed)
Wouldn't like to have just spent £1000 or whatever they fleece people for to buy the program that authenticates photos.
Canon's meerkating people should put a positive spin on this by releasing new firmware updates for its cameras that remove the feature but only claim in the changelogs to have 'streamlined file format options to lengthen battery life'.
"The Russian company mocked the system by posting doctored photos authenticated by the system purporting to show Russian cosmonauts landing on the moon ahead of US astronauts and Joseph Stalin brandishing an iPhone."
Gotta love them.
As you may remember, one of Elcomsoft's own was jailed for a while in the US because Adobe's DRM got broken and they used the DMCA to jail the guy:
So, rubbing faces in it isn't so inappropriate, really.
pics on the link
Excellent fun mockups, but for me the Statue of Liberty with a sickle is purest win. Great to see such humour!
It can't work no matter how much crypto they use, can it?
Even if they get the crypto right and the camera is tamper proof so that the signing key can't be extracted and the camera can't be fooled as to the time or its location, what's to stop me displaying a doctored UFO pic on a big screen in the back of my van, traveling to the correct location and there taking a picture of the screen?
So long as the screen has much better pixel count and colour depth than the camera, it should be possible to transform the displayed image so as to totally control each pixel on the image that the camera takes, not so?
As that Famous Saying Goes...
"The camera never lies..."
"...only the photographer"
(the last half is often forgotten)
"So long as the screen has much better pixel count and colour depth than the camera"
And where are you going to find a screen that meets those criteria then?
Re: It can't work no matter how much crypto they use, can it?
Probably in that case the metadata is going to show a focus distance of a few feet ahead of the camera, not infinity as you would expect for a UFO in the sky, which may be a giveaway.
This is even if you could make your high resolution/color depth screen projection beat the camera's ability to detect, which seems unlikely in practice even though you might think it possible in theory.
It may be expensive, but it is certainly doable.
Essentially that's how many of the effects for B5 were done, except they found the trick of putting a mirror between the image to be captured and the camera. Apparently the defects inherent in the mirror introduce sufficient change from the sharp lines of a computer so the images look more realistic. I think I read in a Reg article comment somewhere that that was actually an old spy trick.
Photographers have been doing this for a really long time.
OK, if the focus mechanism uses a sensor which doesn't look through the lens, life gets complicated, but all you need to do is hold a magnifying glass in front of the camera lens.
Strictly speaking ...
I believe they are cryptanalysts. Cryptographers do the encrypting.
Sorry. Coat. Get
Another great win for security by obscurity
Or perhaps not.
well and truly taken to the cleaners
I'm not sure which is the best picture - the iPhone or the Statue of Liberty
(icon needed for 'laughed my tits off')
This is not a problem
Breaking crypto is against the law.
So no one should do it.
Every employee at ElcomSoft involved should now be in the gulag.
What do you mean "That's not how the world works"?
Tell that to the MAFIAA and their DMCA fanatics
previous work in this area
70% of the information is already there:
see end of section 2.4.2 in http://lclevy.free.fr/cr2/