Nikon Image Authentication System: Compromised "ElcomSoft Co. Ltd. researched Nikon’s Image Authentication System, a secure suite validating if an image has been altered since capture, and discovered a major flaw. The flaw allows anyone producing forged pictures that will successfully pass validation with Nikon’s Image Authentication Software. The weakness lies in the manner the secure image signing key is being handled in Nikon digital cameras. The existence of the weakness allowed ElcomSoft to actually extract the original signing key from a Nikon camera. This, in turn, made it possible to produce manipulated images signed with a fully valid authentication signature."
"The ultimate vulnerability is that the private (should-be-secret) cryptographic key is handled inappropriately, and can be extracted from camera." It's always the same. Though I didn't know that Nikon had such a system or that Canon does too (with a similar flaw).
No comments:
Post a Comment