Slashdot Mirror


Blurring Images Not So Secure

An anonymous reader writes "Dheera Venkatraman explains in a webpage how an attacker might be able to extract personal information, such as check or credit card numbers, from images blurred with a mosaic effect, potentially exposing the data behind hundreds of images of blurred checks found online, and provides a fictitious example. While much needs to be developed to apply such an algorithm to real photographic images, he offers a simple, yet obvious solution: cover up the sensitive information, don't blur it."

7 of 166 comments

  1. Japanese porn by Boccaccio · · Score: 5, Funny

    Will this work on Japanese porn too? My friend wants to know.

    1. Re:Japanese porn by 1u3hr · · Score: 5, Informative

      Try GMask. This method of mosaic masking is often used to make the images legal for Japanese webpages, yet allow perverts to recover the original image.

      Now cue about 50 posts talking about the "CSI Photoshop enhance plugin".

    2. Re:Japanese porn by Tablizer · · Score: 5, Funny

      Will this work on Japanese porn too?

      Only if the number of possible cunts is fixed and known.

  2. Re:Impossible! by dheera · · Score: 5, Informative

    the problem is more the fact that so many people on the internet use just a simple mosaic to do blurring. i can cite enough examples from google image search if i wanted to. others resort to applying a motion blur effect just once which can be reversed by deconvolution if it's not blurred enough. if you use the smudge tool, good for you, i don't think there's a good way to reverse that. the problem is that blurring and mosaic techniques are simple, consistent transformations, while smudging is not.

  3. Summary of technique by pla · · Score: 5, Insightful

    He basically points out that a blurred mosaic amounts to a form of inexact hash function. While irreversible, if you have a small enough input space, you can exhaustively hash all possible candidates and pick the one(s) that best match the target.

    Interestingly enough, while he points out that most financial account numbers contain a degree of error detection and correction, he chooses to use that to reduce the match set, rather than the candidate set. I suppose this would matter if you wanted to prove a hypothesis (if the best match yields a valid number, you have a p=[valid/total]), but if you just want to steal someone's account info, you'd do better to reduce your processing time and just try the best few results in order.
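
The "inexact hash" view in the comment above can be turned into a check of a redaction method: count how many different outputs it produces over the whole candidate space. This is an added example, not part of the thread or of Venkatraman's page; the 3x5 font, the 2x2 tile size, the 4-digit space, the noise-free image and all function names are assumptions made for illustration.

```python
from itertools import product

# Constructed 3x5 bitmap font (assumption: stands in for a known typeface).
FONT = {
    "0": "111101101101111", "1": "010110010010111",
    "2": "111001111100111", "3": "111001111001111",
    "4": "101101111001001", "5": "111100111001111",
    "6": "111100111101111", "7": "111001001001001",
    "8": "111101111101111", "9": "111101111001111",
}

def render(digits):
    """Rows of 0/1 pixels; each digit is a 3x5 glyph plus one blank column."""
    return [[int(b) for d in digits for b in FONT[d][3 * r:3 * r + 3] + "0"]
            for r in range(5)]

def mosaic(img, block=2):
    """Mosaic filter: every block x block tile is reduced to its mean value."""
    h, w = len(img), len(img[0])
    out = []
    for y in range(0, h, block):
        for x in range(0, w, block):
            tile = [img[j][i] for j in range(y, min(y + block, h))
                    for i in range(x, min(x + block, w))]
            out.append(sum(tile) / len(tile))
    return tuple(out)

def cover(img):
    """Opaque box: the output does not depend on the pixels underneath."""
    return tuple(0.0 for _ in range(len(img) * len(img[0])))

def distinct_outputs(redact, length=4):
    """Number of different redacted images over all digit strings."""
    return len({redact(render("".join(c))) for c in product(FONT, repeat=length)})

def best_match(target, redact, length=4):
    """Redact every candidate the same way and return the closest one."""
    def dist(c):
        return sum((a - b) ** 2 for a, b in zip(redact(render(c)), target))
    return min(("".join(c) for c in product(FONT, repeat=length)), key=dist)

if __name__ == "__main__":
    secret = "4271"  # constructed sample value
    print(distinct_outputs(mosaic), distinct_outputs(cover))
    print(best_match(mosaic(render(secret)), mosaic))
```

In this toy font "0" and "9" produce the same tiles, so the mosaic is a lossy hash with some collisions, yet most of the candidate space stays distinguishable; the opaque cover maps every candidate to one output.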

  4. maximum entropy by localoptimum · · Score: 5, Informative

    This kind of problem is indeed quite easy to solve with a good algorithm. It's a hard(!) inverse problem, meaning that there are many possible model solutions (guessed number combinations) that match your data (pixels). The weakest link is knowing exactly the blurring algorithm that was used.

    In the real world, data is imperfect and noisy, so the article is thus far correct. What is not correct is simply to pick the data with the nearest match, because it's a best match to the noise also. Maximum entropy is one algorithm which gives you a probabilistic answer, i.e. "the chances that this particular combination is the right one are [whatever] percent". You then pick the most likely one. Astronomers use this technique all the time for removing the blur and diffraction on their images. I personally use it regularly for nuclear spectroscopy, and it's absolutely solid if you use it carefully.

    --
    This message was scanned by European governments and contains no terrorism.

  5. You're new here, aren't you? by KH2002 · · Score: 5, Funny

    You're new here, aren't you?