In 2010, Elcomsoft, a software development company with headquarters in Russia, claimed to find a vulnerability in Canon Original Data Security System. Check their press release: Canon Original Data Security System Vulnerability.
But today Elcomsoft has also claimed to find a vulnerability in Nikon authentication system:
Nikon Image Authentication System Vulnerability
It is hard to underestimate the importance of photographic evidence in today’s world. Political, legal and business users rely on images captured with modern digital cameras to base important decisions. The credibility of such evidence thus becomes vital.
The Impact of Fake Photographic Evidence
Some of that evidence has been proven to be a fake. Manipulated images have been used to make false political statements in more than once case. ElcomSoft has published a brief abstract on some of the world’s most famous fakes that made impact on public opinion, resulted in terminated careers and loss of reputation.
Digital Image Authentication
Major manufacturers of photographic equipment including Canon and Nikon introduced image authentication systems aimed to streamline the validation of image originality and guarantee that the image appears exactly as captured. A secure digital signature is calculated for each capture immediately after a shot.
The Flaw in Nikon’s Implementation
Nikon’s implementation of image authentication has a major design weakness. ElcomSoft researchers discovered a flaw in the way the secure image signing key is being handled in camera. The vulnerability allowed the researchers to actually extract the original signing key from a Nikon camera. This, in turn, made it possible to produce manipulated images with a fully valid authentication signature. By using the signing key, ElcomSoft has prepared a set of hoax images that successfully pass validation with Nikon Image Authentication Software.
ElcomSoft is providing more information on image authentication background and technical implementation in the «Nikon Image Authentication System: Compromised» blog entry
ElcomSoft made the issue known to Nikon and CERT as a trusted third party. At the time of this writing, ElcomSoft received no response from Nikon.
All past and current digital SLR cameras manufactured by Nikon and supporting Image Authentication are affected, including Nikon D3X, D3, D700, D300S, D300, D2Xs, D2X, D2Hs, and D200 digital SLRs.
As a result, any photographic evidence submitted that was captured with an affected camera (as well as any future camera using the same signing key) should not be automatically taken as genuine just because it passes validation with Nikon Image Authentication Software.
Original press release: Nikon Image Authentication System Vulnerability
Please help us to keep this blog running. Make your purchases through the above or following links, there is no additional cost to you:
Photography & Accessories / Lighting & Studio / Video / Pro Video / Pro Audio / Home Entertainment / Computers & Software
Follow us on Twitter for special news, technical articles, important promotions and rebates. We try to keep everyone informed about promos, since they are great to save when buying.
Thank you very much for your support.