Cryptographers have cracked software used to verify that images taken with Canon cameras haven't been altered. Russian password-cracking company ElcomSoft said on Tuesday that it's able to extract the original signing key from the Canon Original Data Security Kit and use it to validate fake photos. Canon has billed the service …

COMMENTS

House rules Send corrections

This topic is closed for new posts.

Tuesday 30th November 2010 22:33 GMT Aremmes

NIH syndrome strikes again

So the requirements say that a method to asymmetrically authenticate a message is needed. There are several digital signature algorithms available, many within reach of a Google search. What do we do? We'll ignore decades of crypto research and invent our own signing algorithm, of course.

2 0
1. This post has been deleted by its author
Tuesday 30th November 2010 22:33 GMT Andy 68

Oh come on.....

A cracking/hacking/security outfit with a sense of humour?

That's got to be a first, and loudly applauded!

19 0
1. Wednesday 1st December 2010 10:24 GMT Anonymous Coward
  
  they did it for the lulz
  
  Ooh, I can think of one other one:
  
  What about Goatse security? (Gaping Holes Exposed)
  
  1 0
Tuesday 30th November 2010 22:34 GMT Anonymous Coward

Ouch

Wouldn't like to have just spent £1000 or whatever they fleece people for to buy the program that authenticates photos.

Canon's meerkating people should put a positive spin on this by releasing new firmware updates for its cameras that removes the feature but only claims in the changelogs to have 'streamlined file format options to lengthen battery life'.

2 1
Tuesday 30th November 2010 22:34 GMT Ef'd

Russians

"The Russian company mocked the system by posting doctored photos authenticated by the system purporting to show Russian cosmonauts landing on the moon ahead of US astronauts and Joseph Stalin brandishing an iPhone."

Gotta love them.

6 0
1. Wednesday 1st December 2010 00:36 GMT Anonymous Coward
  
  Re: Russians
  
  As you may remember, one of Elcomsoft's own was jailed for a while in the US because Adobe's DRM got broken and they used the DMCA to jail the guy:
  
  http://en.wikipedia.org/wiki/Dmitry_Sklyarov
  
  So, rubbing faces in it isn't so inappropriate, really.
  
  3 0
Wednesday 1st December 2010 00:36 GMT Anonymous Coward

pics on the link

Excellent fun mockups, but for me the statue of liberty with a sickel is purest win. Great to see such humour!

3 0
Wednesday 1st December 2010 10:14 GMT Anonymous Coward

It can't work no matter how much crypto they use, can it ?

Even if they get the crypo right and the camera is tamper proof so that the signing key can't be extracted and the camera can't be fooled as to the time or its location, what's to stop me displaying a doctored ufo pic on a big screen in the back of my van, traveling to the correct location and there taking a picture of the screen ?

So long as the screen has much better pixel count and colour depth than the camera, it should be possible to transform the displayed image so as to totally control each pixel on the image that the camera takes, not so ?

0 0
1. Wednesday 1st December 2010 10:59 GMT Anonymous Coward
  
  As that Famous Saying Goes...
  
  "The camera never lies..."
  
  "...only the photographer"
  
  (the last half is often forgotten)
  
  1 0
2. Wednesday 1st December 2010 12:32 GMT Grease Monkey
  
  Screen?
  
  "So long as the screen has much better pixel count and colour depth than the camera"
  
  And where are you going to find a screen that meets those criteria then?
  
  0 0
  1. Wednesday 1st December 2010 15:04 GMT Tom 13
    
    It may be expensive, but it is certainly doable.
    
    Essentially that's how many of the effects for B5 were done, except they found the trick of putting a mirror between the image to be captured and the camera. Apparently the defects inherent in the mirror introduce sufficient change from the sharp lines of a computer so the images look more realistic. I think I read in a Reg article comment somewhere that that was actually an old spy trick.
    
    0 0
3. Wednesday 1st December 2010 15:02 GMT Hugh McIntyre
  
  Re: It can't work no matter how much crypto they use, can it ?
  
  Probably in that case the metadata is going to show a focus distance of a few feet ahead of the camera, not infinity as you would expect for a UFO in the sky, which may be a giveaway.
  
  This is even if you could make your high resolution/color depth screen projection beat the camera's ability to detect, which seems unlikely in practice even though you might think it possible in theory.
  
  0 0
  1. Thursday 2nd December 2010 00:53 GMT Dave Bell
    
    Close-up Lens
    
    Photographers have been doing this for a really long time.
    
    OK, if the focus mechanism uses a sensor which doesn't look through the lens, life gets complicated, but all you need to do is hold a magnifying glass in front of the camera lens.
    
    0 0
Wednesday 1st December 2010 10:19 GMT KitD

Strictly speaking ...

I believe they are cryptanalysts. Cryptographers do the encrypting.

Sorry. Coat. Get

0 0
Wednesday 1st December 2010 10:31 GMT John Smith 19

Another great win for security by obscurity

Or perhaps not.

0 0
Wednesday 1st December 2010 10:58 GMT Elmer Phud

pwnd

well and truly taken to the cleaners

I'm not sure which is the best picture - the iPhone or the Statue of Liberty

(icon needed for 'laughed my tits off')

0 0
Wednesday 1st December 2010 13:27 GMT The BigYin

This is not a problem

Breaking crypto is against the law.

So no one should do it.

Every employee at ElcomSoft involved should now be in the gulag.

What do you mean "That's not how the world works"?

Tell that to the MAFIAA and their DMCA fanatics

2 0
Wednesday 1st December 2010 13:57 GMT Anonymous Coward

previous work in this area

70% of the information is already there :

see end of section 2.4.2 in http://lclevy.free.fr/cr2/

0 0
This post has been deleted by its author