Signed Nikon images can be forged
Source: Elcomsoft Nikon's image verification system has been cracked. Hackers at ElcomSoft say they have managed to extract Nikon's secret signature key from a camera and sign arbitrary images with it. Last December, ElcomSoft managed to do the same thing with Canon. Nikon's Image Authentication System is designed show if a digital photograph has been altered. Such protection is important, for instance, in forensics, accident reports, and construction documentation.
Compatible camera models add a digital signature to the image file, and special software that costs around €500 (£445) is needed to read that signature and verify it. Now, users can do all of this on their own computer with the digital signature key and a bit of background knowledge – regardless of where the image is from and how often it was processed after being taken. In other words, protection has been cracked. Elcomsoft say they have found a flaw in the way the cameras handle the key which meant they could extract the signing key used by Nikon. Using that key they have successfully signed a number of faked images that pass verification. The signed images are available at nikon.elcomsoft.com.
ElcomSoft has informed Nikon in the US, Europe and Japan about the problem but has only received the standard reply that you should contact your retailer if you have problems with the product. The consequences could be far-reaching if Nikon officially confirms the problem. The manufacturer would have to take the old key out of circulation and find a way to store a new, safe one in the camera. And even then, users would need to update every Windows application and all cameras supported. The security experts believe that Nikon will therefore deal with the problem the same way that Canon did: just wait and see.
- Russians on the moon? Canon's image verification system cracked, a report from The H.