Canon camera encryption cracked

A Russian programmer has found a terminal weakness in a Canon system to ensure the authenticity of photos taken by law enforcement, insurance companies, or other investigators.

The triumphant moment when the Russians landed on the moon? No, a doctored photo from Elcomsoft illustrating how it cracked Canon technology to detect photo tampering. (Credit: Elcomsoft)
Stalin invented the iPhone? One falsified image from ElcomSoft that the company says fools Canon's tamper-detection technology. (Credit: Elcomsoft)

There's a new reason to take note of a Russian programmer who rose to modest fame with his detainment in the United States in 2001: his work to help crack encryption used in Canon cameras.

The programmer and encryption expert is Dmitry Sklyarov, and his company, Elcomsoft, has found a vulnerability in Canon's OSK-E3 system for ensuring that photos such as those used in police evidence-gathering haven't been tampered with.

The result is that the company can create doctored photos that the technology thinks are authentic. To illustrate its point, it released a few doctored photos that it says pass the Canon integrity checks.

"The vulnerability discovered by ElcomSoft questions the authenticity of all Canon signed photographic evidence and published photos and effectively proves the entire Canon Original Data Security system useless," the company said in a statement. Sklyarov presented the findings at the Confidence 2.0 conference last week.

Canon didn't immediately respond to a request for comment.

Sklyarov discussed his methods in a conference presentation (PDF). In it, he offered some advice on how Canon could fix the issue in future cameras. Along with the technical advice was this: "Hire people who really understand security."

Wait, which country gave the Statue of Liberty to the U.S. as a present? Another doctored Elcomsoft image. (Credit: Elcomsoft)

Sklyarov's earlier fame came when the FBI arrested him after he presented information about cracking the encryption of an Adobe Systems eBook electronic book format. He was charged with criminal violations of the Digital Millennium Copyright Act (DMCA). Adobe backed off from its support of the case after programmer protests, though, and Sklyarov was acquitted.

 
