Canon's Image Verification System Cracked

TJNoffy writes "The H Security's H-online reports that 'Hacker Dmitry Sklyarov has succeeded in extracting the secret signing key from numerous digital SLR cameras and has used it to sign modified images which Canon's latest OSK-E3 security kit verifies as legitimate. Canon's Original Data Security System is intended to show whether changes have been made to photographs and to verify date and location information. The system is primarily used for ensuring the integrity of evidence, for reporting accidents and for construction records.'"

Wow

[Monkeedude1212]

I didn't even know such technology existed!

I thought they just posted it on /b/ asking "reel or phake?"

And they just tallied the number of "Photoshoped" responses versus the total responses.

What kind of proof was this supposed to be anyway?

[igreaterthanu]

With TPM chips being cracked previously, after apparently being tamper-proof, even if they implemented it using an algorithm that was suitable for the job (i.e. not use SHA but ECC or RSA) it would still be possible to get the signing key. It's flawed in the same way DRM is flawed, you can't give someone else the key and not give them the key at the same time.

The key that can be extracted

[blair1q]

...is not a secret key.

Re:Free Dmitry Sklyarov!

[iammani]

Thats really old news, and no one seems to have cared enough to update the website. Here are some updates...
"The charges against Sklyarov were later dropped in exchange for his testimony. He was allowed to return to Russia on December 13, 2001. On December 18, 2002 following a two-week trial in San Jose, California, a jury found that Elcomsoft had not wilfully violated the U.S. law." -- wikipedia