Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Canon image verification system flaw discovered by analyst

Russian company finds major flaws in system that finds evidence in photos

Article comments

A cryptographic system used by Canon to ensure that digital images haven't been altered is flawed and can't be fixed, according to a Russian security company that specialises in encryption.

Mid- to high-end Canon digital cameras have a feature called "Original Decision Data" (ODD), which is a digital signature that can be verified to see if a photo has been retouched or if data such as timestamps or GPS coordinates have been changed. The Associated Press news wire uses the system, which can also be used to verify photos used as evidence.

But the digital signature can be forged due to design flaws in Canon's system, according to Dmitry Sklyarov, an IT security analyst with Elcomsoft, which specialises in password recover systems. Sklyarov was due to give a presentation on the flaws at the Confidence IT security event in Prague on Tuesday afternoon.

Elcomsoft has published photos, including one with an astronaut planting the flag of the Soviet Union on the moon, that, if checked using a smart card and special software from Canon, confirm that the photo has not been tampered with.

Elcomsoft shared a copy of Sklyarov's presentation, which hasn't been released publicly, with IDG News Service. In it, he describes how one component, the Hash-based Message Authentication Code (HMAC), which is used to calculate the ODD, can be extracted from the memory of several different Canon camera models.

In Canon's second version of its ODD system, the HMAC code is 256 bits. The code is the same for all cameras of the same model. Knowing the HMAC code for one particular model allows the ODD to be forged for any camera within that model range, Sklyarov wrote.

The problem is that the HMAC sits in the camera's RAM in a de-obfuscated form and can be extracted, according to Sklyarov. It is also possible to extract the HMAC from the camera's Flash ROM and manually de-obfuscate it. Canon also released a third version of ODD, which Sklyarov was also able to break and forge the ODD. Elcomsoft has written a program that can analyze a camera's processor and firmware.

The problem is a design flaw and can't be fixed, according to Elcomsoft. Sklyarov said he was able to extract the HMAC keys for the following models: EOS 20D, EOS 5D, EOS 30D, EOS 40D, EOS 450D, EOS 1000D, EOS 50D, EOS 5D Mark II, EOS 500D and EOS 7D.

With future models, Sklyarov wrote that Canon could implement an HMAC calculation in a cryptoprocessor that does not expose it. Also, Canon should prevent its cameras from running non-Canon code to avoid the use of software tools by an attacker.

Elcomsoft made several attempts about three months ago to notify Canon of the problem with no response, said Katerina Korolkova, an Elcomsoft spokeswoman. A senior manager in Canon's technical department finally acknowledged receipt of the issue.

"We have provided them all of our technical findings," she said.

Elcomsoft told Canon it planned to release details of the problem, and the company has also notified the U.S. Computer Emergency Response Team, Korolkova said. Elcomsoft plans to release Sklyarov's full presentation on its website in about two weeks.

The design flaws could allow defense attorneys to challenge photographic evidence as details of the flaws are revealed and possibly applied.

"If defense teams raise concerns about the veracity of images or of any evidence, then the court would hear legal argument on the issue and make their decision," according to a spokeswoman for the UK's Crown Prosecution Service.

Canon officials were not immediately available for comment on Tuesday.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *