By >Ike
Nikon’s Image authentication system cracked
ElecomSoft, a privately owned company in the heart of Russia (Moscow) has fiddled around with Nikon’s Image authentication software and managed to let a forged photo pass for a genuine one. Nikon originally created their authentication system to inhibit an uneditted image to be manipulated and being sold for original/raw.
Forged photos are nowadays so common for false political statements, legal evidence & business affairs that can define or totally destroy an individual or company’s name and/or carreer. So Nikon thought it invented the perfect software to validate if a photo was taken with their camera and if it was modified in any way.
Affected Cameras
All past and current digital SLR cameras manufactured by Nikon and supporting Image Authentication are affected, including Nikon D3X, D3, D700, D300S, D300, D2Xs, D2X, D2Hs, and D200 digital SLRs.
Official press release from Elecom:
It is hard to underestimate the importance of photographic evidence in today’s world. Political, legal and business users rely on images captured with modern digital cameras to base important decisions. The credibility of such evidence thus becomes vital.
The Impact of Fake Photographic Evidence
Some of that evidence has been proven to be a fake. Manipulated images have been used to make false political statements in more than once case. ElcomSoft has published a brief abstract on some of the world’s most famous fakes that made impact on public opinion, resulted in terminated careers and loss of reputation.
Digital Image Authentication
Major manufacturers of photographic equipment including Canon and Nikon introduced image authentication systems aimed to streamline the validation of image originality and guarantee that the image appears exactly as captured. A secure digital signature is calculated for each capture immediately after a shot.
The Flaw in Nikon’s Implementation
Nikon’s implementation of image authentication has a major design weakness. ElcomSoft researchers discovered a flaw in the way the secure image signing key is being handled in camera. The vulnerability allowed the researchers to actually extract the original signing key from a Nikon camera. This, in turn, made it possible to produce manipulated images with a fully valid authentication signature. By using the signing key, ElcomSoft has prepared a set of hoax images that successfully pass validation with Nikon Image Authentication Software.
ElcomSoft is providing more information on image authentication background and technical implementation in the «Nikon Image Authentication System: Compromised» blog entry
Nikon’s Response
ElcomSoft made the issue known to Nikon and CERT as a trusted third party. At the time of this writing, ElcomSoft received no response from Nikon.
Affected Cameras
All past and current digital SLR cameras manufactured by Nikon and supporting Image Authentication are affected, including Nikon D3X, D3, D700, D300S, D300, D2Xs, D2X, D2Hs, and D200 digital SLRs.
No Comments
- - Officially Official: Nikon's New D3x DSLR (December 1st,2008 at 3:01 PM)
- - Nikon D300s (October 1st,2009 at 10:22 AM)
- - Nikon D300s, the Review (September 22nd,2009 at 1:53 PM)
- - Nikon D300s and Olympus E-P1 in Da House! (September 3rd,2009 at 10:37 AM)
- - Nikon D700, the Art of Photography… (August 28th,2009 at 2:41 PM)
- - Japan Probe – News from Japan (Subscribe)
Subscribe
Kristoffer - [25/05/2013 - 06:01]