In association with heise online

29 April 2011, 09:32

Signed Nikon images can be forged

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Zoom Is Abbey Road in Russia? Nikon's image verification system says this picture is real.
Source: Elcomsoft
Nikon's image verification system has been cracked. Hackers at ElcomSoft say they have managed to extract Nikon's secret signature key from a camera and sign arbitrary images with it. Last December, ElcomSoft managed to do the same thing with Canon. Nikon's Image Authentication System is designed show if a digital photograph has been altered. Such protection is important, for instance, in forensics, accident reports, and construction documentation.

Compatible camera models add a digital signature to the image file, and special software that costs around €500 (£445) is needed to read that signature and verify it. Now, users can do all of this on their own computer with the digital signature key and a bit of background knowledge – regardless of where the image is from and how often it was processed after being taken. In other words, protection has been cracked. Elcomsoft say they have found a flaw in the way the cameras handle the key which meant they could extract the signing key used by Nikon. Using that key they have successfully signed a number of faked images that pass verification. The signed images are available at

ElcomSoft has informed Nikon in the US, Europe and Japan about the problem but has only received the standard reply that you should contact your retailer if you have problems with the product. The consequences could be far-reaching if Nikon officially confirms the problem. The manufacturer would have to take the old key out of circulation and find a way to store a new, safe one in the camera. And even then, users would need to update every Windows application and all cameras supported. The security experts believe that Nikon will therefore deal with the problem the same way that Canon did: just wait and see.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit