First published: 01st December 2010
Russian developer of computer forensics tools and services ElcomSoft has announced that it has cracked digital camera manufacturer Canon's image verification scheme.
In the scheme, Canon cameras embed verification data in photos they take, and sign it. The data includes the GPS location, date and time the photo was taken. Anyone can subsequently use Canon's OSK-E3 verification kit to check the signature and therefore prove where and when the photo was taken.
ElcomSoft claims that it has extracted signing keys from Canon digital cameras, used the keys to sign an altered image and successfully validated the fake photo with the OSK-E3. ElcomSoft has posted a selection of amusingly modified photos that they say the OSK-E3 will validate.
The OSK-E3 is available from Amazon for US$658.40, a small price for verifying the location of the USSR's moon landing.
Dmitry Sklyarov of ElcomSoft went into the details of the exploit in his presentation at the CONFidence 2.0 conference on 30th November. He described how he analysed the camera firmware to locate the obfuscated signing key and that the key is the same for all camera of the same model, but different in different models. He can therefore generate verification data for any camera where the key for the model is known. Saying that Canon could do nothing about this flaw for existing models, he recommended that, for future models, Canon should implement the signing calculation in a cryptoprocessor which does not expose the secret key; prevent the camera from running non-Canon’s code to avoid illegal usage of the cryptoprocessor; and hire people who really understand security.
Dmitry Sklyarov is previously known for his presentation on Adobe's eBook Security at the DEF CON convention in Las Vegas in 2001, and his subsequent arrest by the FBI for distributing a product designed to circumvent copyright protection measures, under the terms of the Digital Millennium Copyright Act, following a complaint by Adobe. This may be why he chose CONFidence 2.0 in Prague, Czech Republic to present his findings on this occasion.
