Slashdot Mirror

← Back to Stories (view on slashdot.org)

Canon's Image Verification System Cracked

Posted by Soulskill on from the picture-is-worth-a-thousand-lies dept.

TJNoffy writes "The H Security's H-online reports that 'Hacker Dmitry Sklyarov has succeeded in extracting the secret signing key from numerous digital SLR cameras and has used it to sign modified images which Canon's latest OSK-E3 security kit verifies as legitimate. Canon's Original Data Security System is intended to show whether changes have been made to photographs and to verify date and location information. The system is primarily used for ensuring the integrity of evidence, for reporting accidents and for construction records.'"

2 of 118 comments (clear)

  1. What kind of proof was this supposed to be anyway? by igreaterthanu · · Score: 5, Insightful

    With TPM chips being cracked previously, after apparently being tamper-proof, even if they implemented it using an algorithm that was suitable for the job (i.e. not use SHA but ECC or RSA) it would still be possible to get the signing key. It's flawed in the same way DRM is flawed, you can't give someone else the key and not give them the key at the same time.

    --
    I dream of a nation where a man is not judged by his skin color but by an number assigned by a credit rating agency.
  2. The key that can be extracted by blair1q · · Score: 5, Insightful

    ...is not a secret key.