Go to advertiser website.
Go to advertiser website.
Canon digital SLR image verification not secure, says IT security firm  
Tuesday, December 7, 2010 | by Rob Galbraith
Russian IT security and password recovery firm Elcomsoft claims to have found a vulnerability in the Original Decision Data feature of Canon digital SLRs that allows altered pictures to be certified as unmanipulated by Canon's Original Data Security Kit.

In a press release, the company says it was able to "extract signing keys from Canon digital cameras, use the keys to sign an altered image and successfully validate fake photos with Canon Original Data Security Kit (OSK-E3)." The vulnerability can't be corrected in existing models, says Elcomsoft, and would need to be addressed through a change in the way the data security feature is implemented in future Canon digital SLRs.

The press release is here. Example photos (JPEGs only, no RAW) are here. A detailed technical explanation of the vulnerability, prepared by Elcomsoft's Dmitry Sklyarov, is here.

Update, December 8, 2010: Sklyarov has today responded by email to several questions we sent the company about their discovery. Here is that exchange:

Q. Have you also been able to create fake RAW files as well that pass the verification step in Canon 's OSK-E3?

There is no difference between JPG and RAW if we talk about Original Verification System. Verification data could be forged for RAW the same way as for JPG.

But properly handling RAW file is much more difficult in comparison with JPG (because RAW format not officially documented by Canon).

I'm not a photo professional and can be wrong, but it seems that there is no software exist that could edit and _save_ images in Canon RAW format. There is no practical need for such software (but it could be developed).

And, for example, it is very easy to modify RAW image metadata (EXIF), and calculate correct signature. So, resulting file would pass verification with OSK-E3.

Q. Could a firmware update from Canon correct the problem?

Image signing within the camera is performed on the main camera's processor, and at some point secret keys are stored in camera's memory. To avoid keys presence in camera's memory some protected crypto chip (kind of smart-card) should be used. If no such chip exists [in the camera] - no firmware update can help to avoid possibility of key extraction from unprotected memory.

Q. Has Canon responded yet to your findings?

We notified Canon at September 21, 2010. Still no official respond from them.
Send this page to: Twitter Twitter Facebook Facebook Google Bookmarks Google Bookmarks Email Email
Go to advertiser website.
2000-2013 Little Guy Media. Not to be reproduced without written permission.