geekhack Community => Other Geeky Stuff => Topic started by: muchadoaboutnothing on Sat, 04 December 2010, 00:18:46
-
Canon's Image Verification System Cracked (http://it.slashdot.org/story/10/12/03/2133218/Canons-Image-Verification-System-Cracked#commentlisting)
- Canon's software uses one or more secret keys (depending on version) to sign the image. The secret key is used on the computer to verify that the image is original and unmodified (image itself, EXIF, other metadata, etc.)
- Canon's cameras do not implement these keys on cryptographically secure & tamper resistant chips.
- Canon's cameras allow for the running of unsigned code.
- The result allows an attacker to retrieve the key(s) from the camera, which allows for images to be self-signed.
The end result?
Well, it won't affect the point-and-shooter or even home photo enthusiast. But insurance companies and law enforcement agencies who rely on the ODD to verify images as untouched can no longer use this to vouch for the integrity of the images.
Older Canon DSLRs used ODDv1. That's gone.
ODDv2 is gone too - any particular model (e.g. the 30D) will use the exact same key.
ODDv3 (on the newest cameras) can be faked if the attacker has the camera - each camera has a unique key.
Kind of surprising as this is a disaster from a security standpoint. The implementation is horrible from first glance and shows a lack of care on Canon's part.
Anyhow, interesting stuff. Thought I'd share.
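The trust problem described in the post above, as an added example that is not part of the original post and not Canon's code. It assumes an HMAC-SHA256 tag stands in for the camera's signature (the post does not name the algorithm); the fleet, serial numbers and keys are constructed. It shows what a verifier holding the same secret can conclude, and how many cameras' "verified" verdicts must be distrusted after one key is known under a per-model key (ODDv2 as described) versus a per-camera key (ODDv3 as described).

```python
import hashlib
import hmac
import os

def tag(key: bytes, image: bytes, exif: bytes) -> bytes:
    """MAC over length-prefixed fields so the image/EXIF boundary is unambiguous."""
    msg = b"".join(len(p).to_bytes(8, "big") + p for p in (image, exif))
    return hmac.new(key, msg, hashlib.sha256).digest()

def verify(key: bytes, image: bytes, exif: bytes, t: bytes) -> bool:
    return hmac.compare_digest(tag(key, image, exif), t)

class Fleet:
    """Constructed fleet; per_model=True gives every unit of a model the same key."""
    def __init__(self, units, per_model):
        self.units = list(units)            # (model, serial) pairs
        self.per_model = per_model
        self._keys = {}

    def key_for(self, model, serial):
        slot = model if self.per_model else (model, serial)
        return self._keys.setdefault(slot, os.urandom(32))

    def exposed_by(self, model, serial):
        """Units whose 'verified' verdict means nothing once this unit's key is known."""
        leaked = self.key_for(model, serial)
        return [u for u in self.units if self.key_for(*u) == leaked]

# Constructed sample fleet (model, serial)
UNITS = [("30D", "0001"), ("30D", "0002"), ("30D", "0003"), ("40D", "0001")]

def demo():
    shared = Fleet(UNITS, per_model=True)    # one key per model
    unique = Fleet(UNITS, per_model=False)   # one key per camera
    key = shared.key_for("30D", "0001")
    original = tag(key, b"pixels", b"exif")
    # The check does catch a change made by someone who lacks the key...
    tamper_detected = not verify(key, b"pixelz", b"exif", original)
    # ...but a tag computed anywhere with the same key is indistinguishable
    # from one computed in the camera, so "verified" no longer proves origin.
    outside_tag_accepted = verify(key, b"pixelz", b"exif",
                                  tag(key, b"pixelz", b"exif"))
    return (tamper_detected, outside_tag_accepted,
            len(shared.exposed_by("30D", "0001")),
            len(unique.exposed_by("30D", "0001")))

if __name__ == "__main__":
    print(demo())
```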
-
So now even when a picture is provided as evidence people can say "Pics or it didn't happen"!
-
(http://i.imgur.com/lAaM7.jpg)
-
No matter what cryptography monster you create, at some point it'll be cracked.
-
No matter what cryptography monster you create, at some point it'll be cracked.
Except for this thing, which nobody cares about: edbe5ed96f94d8fbc84e4ff00ce97d14
Even the answer to the Ultimate Question of Life, the Universe and Everything.
42
Yeah, apparently some people do care about and seek answers to questions they don't know. Real world example: work done at CERN.
-
edbe5ed96f94d8fbc84e4ff00ce97d14
You should practice safe hex, brother.