Slashdot Mirror


Blurring Images Not So Secure

An anonymous reader writes "Dheera Venkatraman explains in a webpage how an attacker might be able to extract personal information such as check or credit card numbers, from images blurred with a mosaic effect, potentially exposing the data behind hundreds of images of blurred checks found online, and provides a fictitious example. While much needs to be developed to apply such an algorithm to real photographic images, he offers a simple, yet obvious solution: cover up the sensitive information, don't blur it."

41 of 166 comments

  1. Japanese porn by Boccaccio · · Score: 5, Funny

    Will this work on Japanese porn too? My friend wants to know.

    1. Re:Japanese porn by 1u3hr · · Score: 5, Informative
      Try GMask. This method of mosaic masking is often used to make the images legal for Japanese webpages, yet allow perverts to recover the original image.

      Now cue about 50 posts talking about the "CSI Photoshop enhance plugin".

    2. Re:Japanese porn by Anonymous Coward · · Score: 4, Funny

      Only on Slashdot would this man's question get an informative reply. I now remember why I've wasted 9 years of my life browsing this site. Thanks!

    3. Re:Japanese porn by Fred_A · · Score: 4, Funny
      Translation aside, looks like it needs `gnome-config --cflags gnome` instead of `gtk-config --cflags`
      in Makefile at a bare minimum.
      And a lot of cleanup in general.
      Witness the power of Open Source as it is unleashed in Real Time when faced with a pr0n related problem !
      --

      May contain traces of nut.
      Made from the freshest electrons.
    4. Re:Japanese porn by Tablizer · · Score: 5, Funny

      Will this work on Japanese porn too?

      Only if the number of possible cunts is fixed and known.

    5. Re:Japanese porn by mrmeval · · Score: 2, Interesting

      That's just funny. The source actually compiles on Linux but I have no idea how to use it.
      I always thought porn was for hiding Soviet spy messages. I suppose pictures could hide horse porn with steganography.

      --
      I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
    6. Re:Japanese porn by alphamugwump · · Score: 2, Informative

      Right. Witness the single-keystroke cache-clearing abilities of firefox. Also, they refer to their image rendering library as "libpr0n"

    7. Re:Japanese porn by TheoMurpse · · Score: 2, Funny

      Only the unwashed masses come for those. The truly educated elite? Well, we come for the Natalie Portman hot grits jokes.

      Speaking of Slashdot memes, do GNAA trolls still show up? I haven't browsed below +4 in a year, so I'm not entirely sure.

    8. Re:Japanese porn by TheoMurpse · · Score: 2, Insightful
      Only if the number of possible cunts is fixed and known.
      Somehow, I feel like I'm not reading Slashdot. Did the channel get changed over to MTV's New Year's Countdown (language NSFW)?

      I hereby dub Tablizer the John Cleese of Slashdot. I've never seen anyone use that word here before (John Cleese said "fuck" during his eulogy of Graham Chapman at the televised funeral, and allegedly was the first to use the f-bomb on TV, or something like that).
  2. and please... by macadamia_harold · · Score: 4, Funny

    While much needs to be developed to apply such an algorithm to real photographic images, he offers a simple, yet obvious solution: cover up the sensitive information, don't blur it."

    And please, when you cover the information with black bars, use Adobe Acrobat. (this solution brought to you by the CIA)

    1. Re:and please... by solafide · · Score: 3, Interesting

      If you don't remember or want a refresher on what happened, the original article is at http://it.slashdot.org/article.pl?sid=06/06/22/138210 . It's worth bookmarking in case you ever need to do the same yourself.

  3. Squinting Works by bmsleight · · Score: 4, Funny

    Squinting your eyes also works.

    1. Re:Squinting Works by jones_supa · · Score: 2, Insightful
      Squinting your eyes also works.
      It really does. Some of the codes are so lightly blurred that they can be interpreted with only bare eyes.
    2. Re:Squinting Works by Oddscurity · · Score: 4, Funny

      Either that, or you end up seeing a 3D schooner.

      --
      Indeed!
    3. Re:Squinting Works by Emetophobe · · Score: 4, Funny
      Squinting your eyes also works.
      What else would you squint?
  4. old news - I see this on TV every day. by gbjbaanb · · Score: 4, Funny

    Damn right. I see this happening on CSI all the time, the licence plate, blurred, reflected in a window, with someone standing in front of it.. just 'clean up the image', and Bob's your uncle - one licence plate revealed clear as day. :)

    1. Re:old news - I see this on TV every day. by Dachannien · · Score: 4, Funny

      It's hilarious every time they do this. They start with a picture of some guy's face from 500 feet away that looks like a big skin-colored blur, and by the time they're done enhancing it, you can see right up the guy's nose. Of course, they want to keep it realistic: to show that you can only enhance an image so much, his nose hairs are slightly pixelated.

    2. Re:old news - I see this on TV every day. by 1u3hr · · Score: 2, Funny
      Of course, they want to keep it realistic:

      Which is why it uses the authentic photo enhance sound effect as the image appears in rows, like a dot matrix printer. Us imaging professionals see that every day.

      The weird thing is that they must have a whole staff of highly qualified computer geeks who do their effects who could tell them this was bullshit.

    3. Re:old news - I see this on TV every day. by radtea · · Score: 3, Interesting

      The weird thing is that they must have a whole staff of highly qualified computer geeks who do their effects who could tell them this was bullshit.

      You need to realize that CSI is science fiction masquerading as a cop show. Their impossible tricks with image processing and the like are the show's equivalent of FTL travel. But despite having miraculous technology, they actually get the method and attitudes of science right, at least on the original series. They look at the evidence, and struggle to overcome their prejudices regarding what they would like to be true. Sometimes they follow false trails, and have to accommodate new facts by discarding the theory they've built up so far.

      Gil Grissom may be the only character in TV history who actually behaves more-or-less like a real scientist.

      --
      Blasphemy is a human right. Blasphemophobia kills.
    4. Re:old news - I see this on TV every day. by 1u3hr · · Score: 2, Insightful
      They look at the evidence, and struggle to overcome their prejudices regarding what they would like to be true. Sometimes they follow false trails, and have to accommodate new facts by discarding the theory they've built up so far.

      I suppose that's one way to look at it. For me, I gave up after the first season. The "false trails" thing just became a cliche; you KNOW that it's never the one or how who it seems to be first; that's always a red herring. And the complete unreality of the CSI geeks going around with guns, interrogating people, being action heroes, made it harder to suspend disbelief. Actually, I think the X-Files got procedure more realistic.

    5. Re:old news - I see this on TV every day. by aussie_a · · Score: 2, Insightful

      It's actually quite easy to tell if they've caught the real killer. "Does the show have 20 minutes or less out of 1 hour to go? If yes, probably the right killer. If no then the wrong killer. If the show has 10 minutes or less then it is definitely the real killer."

    6. Re:old news - I see this on TV every day. by aussie_a · · Score: 2, Funny

      CSI is the *worst* program on the TV for anything forensic related. And I kid you not, the Queensland police in Australia used it as a teaching aid on what to do. I shit you not.
  5. Impossible! by Anonymous Coward · · Score: 2, Insightful

    You do realise that an algorithm to "un-blur" a blurred image is a total waste of time, right? There's no way for the algorithm to know how many times and in what various directions I blurred the image - or if I added/deleted text before blurring. It's like a virus for Linux.. no one writes it because it's a waste of time. Leave it to slashdot to post bullshit.

    1. Re:Impossible! by dheera · · Score: 5, Informative

      the problem is more the fact that so many people on the internet use just a simple mosaic to do blurring. i can cite enough examples from google image search if i wanted to. others resort to applying a motion blur effect just once which can be reversed by deconvolution if it's not blurred enough. if you use the smudge tool, good for you, i don't think there's a good way to reverse that. the problem is that blurring and mosaic techniques are simple, consistent transformations, while smudging is not.

  6. how about a big DUH..... by p51d007 · · Score: 3, Funny

    Anytime I post a picture, such as a car with a license plate, I BLANK out the numbers/letters with three colors, a block of white, then a block of silver, then a block of black. Not layers, just the colors.

    1. Re:how about a big DUH..... by KDR_11k · · Score: 3, Funny

      He left the opacity slider at 80%

      --
      Justice is the sheep getting arrested while an impartial judge declares the vote void.
  7. And cover it correctly... by haakondahl · · Score: 4, Interesting

    An unclassified report was released with information blacked out to make it unclassified. The problem is that whatever software was used to produce the PDF with classified information hidden had only applied a layer which was easily removed.

    People who do not understand the technology they are working with should not have this kind of release authority. And that's the hard part--the higher up you are in the food chain, the less likely you are to understand the new tools your organization is working with.

    There are very few users in government who could not do their jobs just fine using Windows 3.11, WordStar 3.x and an e-mail client on a fast but simple machine.

    Slaved as the government is to Microsoft's development cycle, however, the government will always be at the cutting edge of compromised.

    --
    Don't trust anyone under thirty.
  8. Un-blurring photos by rzei · · Score: 2, Interesting

    While I acknowledge knowing little about different blurring algorithms could someone enlighten a bit how much of "unblurring" can be done? I realize there are some "sharpen" filters in Photoshop and Gimp but AFAIK they all seem to be based on highlighting edges or something like that.

    As in the TFA, the Bill Gates picture has a small part of it blurred (his face). Could it be possible to calculate all the possible variations that give the same bitmap as the original when filtered with gaussian blur? What I glanced from gaussian blur page the group including all the possible solutions has to be finite, I guess, while being very huge..

    This combined with a monkey (or bored computer user) could "help" refine the pattern by selecting the most likely variation until the user is satisfied. Or is this something for which there already exist programs?

  9. Re:Blurring CAN be secure by dheera · · Score: 3, Interesting

    not always true. while it's reasonably good today, some day in the future, if we have 16-bit color channel depth ever become a standard (a 16-bit tiff for example), there will be enough data maintained at the edges of the blurred region to reconstruct the data. all you have to do is FFT the region, divide by a gaussian, inverse FFT, then keep repeating for different gaussians - this will basically divide out the system function used for blurring. 8-bit channels of today don't quite make it practical resolution-wise, but just a heads up so you don't get a false sense of security.

  10. Summary of technique by pla · · Score: 5, Insightful

    He basically points out that a blurred mosaic amounts to a form of inexact hash function. While irreversible, if you have a small enough input space, you can exhaustively hash all possible candidates and pick the one(s) that best match the target.

    Interestingly enough, while he points out that most financial account numbers contain a degree of error detection and correction, he chooses to use that to reduce the match set, rather than the candidate set. I suppose this would matter if you wanted to prove a hypothesis (if the best match yields a valid number, you have a p=[valid/total]), but if you just want to steal someone's account info, you'd do better to reduce your processing time and just try the best few results in order.

  11. Re:bars by eneville · · Score: 2, Insightful

    and what is wrong with saying "i agree" to the article. this is a public forum for people to voice opinions, if you think that is wrong, just set the widget to show comments rated +5.

  12. RTFA by porneL · · Score: 4, Informative

    The whole point of the article is that blurring and pixelating beyond recognition isn't enough. You don't need to see the original numbers, you just have to find numbers that blur to a similar blob. It's a dictionary attack with blur as a hash function.
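
The dictionary-attack reading given in the "Summary of technique" and "RTFA" comments above, as an added example that is not from the thread or from the linked article: a constructed 3x5 digit font is redacted once with a mosaic and once with a solid box, and the script counts how many candidate digit strings still reproduce the redacted pixels. The font, sizes and function names are assumptions made for the illustration.

```python
import itertools

# Constructed 3x5 bitmap font (rows top to bottom, "1" = ink); not from the article.
FONT = {
    "0": "111101101101111", "1": "010110010010111", "2": "111001111100111",
    "3": "111001111001111", "4": "101101111001001", "5": "111100111001111",
    "6": "111100111101111", "7": "111001010010010", "8": "111101111101111",
    "9": "111101111001111",
}
W, H, SCALE = 3, 5, 4  # glyph width/height and pixels per glyph cell (assumed)

def render(text):
    """Draw text as a grayscale grid: 0 = ink, 255 = paper, one blank column per glyph."""
    img = [[] for _ in range(H * SCALE)]
    for ch in text:
        for y, row in enumerate(img):
            for x in range((W + 1) * SCALE):
                gx, gy = x // SCALE, y // SCALE
                ink = gx < W and FONT[ch][gy * W + gx] == "1"
                row.append(0 if ink else 255)
    return img

def mosaic(img, block=8):
    """Mosaic redaction: returns the mean of every block x block tile."""
    out = []
    for by in range(0, len(img), block):
        rows = img[by:by + block]
        out.append([sum(sum(r[bx:bx + block]) for r in rows)
                    // sum(len(r[bx:bx + block]) for r in rows)
                    for bx in range(0, len(img[0]), block)])
    return out

def cover(img):
    """Solid-box redaction: every pixel is overwritten, nothing depends on the text."""
    return [[0] * len(row) for row in img]

def surviving_candidates(observed, redact, length):
    """Digit strings whose redacted rendering is identical to the observed redaction."""
    return ["".join(c) for c in itertools.product(FONT, repeat=length)
            if redact(render("".join(c))) == observed]

if __name__ == "__main__":
    for secret in ("482", "907"):  # constructed sample values
        for name, redact in (("mosaic", mosaic), ("cover", cover)):
            left = surviving_candidates(redact(render(secret)), redact, len(secret))
            print(f"{secret} {name}: {len(left)} of {10 ** len(secret)} candidates remain")
```

With this font the mosaic leaves one candidate for 482 and four for 907 (0 and 9 average to the same tiles), while the solid box leaves all 1000.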

  13. MaxEnt by TeknoHog · · Score: 4, Informative

    This is a kind of maximum entropy method, like the unsharp mask in image processing. Basically, if you know the blurring (convolving) function, you can reverse it. There are more sophisticated algorithms for cases where the blurring function is unknown, based on certain regularities; for example motion blur has a fixed direction and magnitude.

    --
    Escher was the first MC and Giger invented the HR department.
  14. maximum entropy by localoptimum · · Score: 5, Informative
    This kind of problem is indeed quite easy to solve with a good algorithm. It's a hard(!) inverse problem, meaning that there are many possible model solutions (guessed number combinations) that match your data (pixels). The weakest link is knowing exactly the blurring algorithm that was used.

    In the real world, data is imperfect and noisy, so the article is thus far correct. What is not correct is simply to pick the data with the nearest match, because it's a best match to the noise also. Maximum entropy is one algorithm which gives you a probabilistic answer, i.e. "the chances that this particular combination is the right one is [whatever] percent". You then pick the most likely one. Astronomers use this technique all the time for removing the blur and diffraction on their images. I personally use it regularly for nuclear spectroscopy, and it's absolutely solid if you use it carefully.

    --
    This message was scanned by European governments and contains no terrorism.
  15. Hand Written Checks by Joebert · · Score: 2, Funny

    This is precisely why I hand write all my checks with a Sharpie marker, here's an Example.

    --
    Wanna fight ? Bend over, stick your head up your ass, and fight for air.
  16. Fragment-based image completion/reconstruction by Oddscurity · · Score: 2, Informative

    Daniel Cohen-Or manages something I consider far more interesting. Take for instance this PDF about image reconstruction.

    There's quite a few more impressive papers on his page, for those interested in graphics.

    --
    Indeed!
  17. You're new here, aren't you? by KH2002 · · Score: 5, Funny

    You're new here, aren't you?

  18. You can actually go one step further with wavelets by StandardCell · · Score: 4, Insightful

    In a lot of advanced image processing where you want to upscale an image, you can actually use a wavelet-based scaling technique that recovers amazing amounts of detail. In most digital TVs these days, they use a two-dimensional polyphase finite impulse response filter tuned for a certain degree of Gibbs phenomenon (ringing around harder edges) versus detail loss. But this has its limits, and it doesn't intelligently reconstruct the image details. In addition, it's notoriously difficult to tune properly for all content.

    In contrast, wavelet based scaling can actually reconstruct phenomenal amounts of detail from a degraded image. For digital TV applications where you have DVDs or standard definition content displayed on a high-definition fixed-resolution display, wavelet-based scaling can actually make real details re-emerge where they weren't there before. The bottom line explanation is understanding and interpreting the influence of adjacent pixels with a minimum of error as the article's author demonstrates (although, as the parent post explains, he's going about it in a convoluted way). I've actually seen the preliminary results that some engineers had shown me that makes it look like something a government agency would use to enhance satellite or surveillance camera images. It makes DVDs look almost exactly like HD-DVD or Blu-Ray HD content. In fact, I expressed my concern that this scaling method could be used on digital TVs to actually "unmask" blurred or blocked faces on TV shows and introduce liability issues.

    Nevertheless, it is possible to reconstruct a LOT of detail from blocked out or blurred faces or pretty much any content. Doing it in real time on HD resolution displays is a different matter altogether as it requires enormous computing power. But it is coming in the next 3-5 years. If you're really interested in blocking out content on digital photos, use a solid black color over the part you don't want recognized.

  19. "But, really..." by solitas · · Score: 3, Insightful
    (from about 2/3 down the page):
    So yes, I used an image against itself and designed it to work here. But the algorithm can surely be improved to work on real stuff. I don't have the time nor desire to improve this any further, though, because I'm not the one after your information.

    Yeah, like: surely someone else can make it work - I've only described a fantasy in an article that'll work only under fabricated examples and circumstances and I don't want to put myself in a position of proving it unworkable in general use.

    --
    "It's time to take life by the cans." ~ Bender ("Bendin' in the Wind", ep. 3-13)
  20. Re:Squinting Works by UncleTogie · · Score: 2, Funny

    Ask the guys with talented girlfriends. ;)

    --
    Don't tell me to get a life. I'm a gamer; I have LOTS of lives!