Both Nikon And Canon's Image Authentication Systems Busted

A Russian white-hat security firm, Elcomsoft, has found that Nikon’s system of determining whether an image from one of their cameras has been tampered with is vulnerable to circumvention. Images carry an encrypted signing key, which is overwritten as soon as they are edited; the presence or absence of this key can be checked for later.

Elcomsoft, however, claims to have demonstrated that the key can be re-written, and therefore fake images be made “authentic” according to Nikon’s tools. They have informed Nikon of the problem, but have received no response… so up it goes on the internet. The actual method isn’t disclosed, but a few sample photos (obviously doctored) are provided that should pass the Nikon authentication system.

The same company found a few months ago that Canon’s system to the same effect can also be compromised. What’s the take-away here? Well, for legal and professional purposes, making sure an image is “real” just got a bit more difficult — if you assume there are people out there who know the method Elcomsoft is describing.

[via PC World]