April 29, 2011
Elcomsoft contests Nikon and Canon’s Image Authentication systems
Nikon’s authentication key can be tampered with, says Elcomsoft, a Russian white-hat security firm. According to Nikon, any image taken should ideally carry an encrypted signing key, which is overwritten the minute the picture is edited; the presence or absence of this key can be checked for later. But Elcomsoft has now stated that the key can be re-written, and therefore fake images are made “authentic” according to Nikon’s tools. The matters have been brought to Nikon’s notice, but there has been no response. While the actual method itself hasn’t been disclosed, a few sample photos (doctored) are provided that should pass the Nikon authentication system.
Elcomsoft is the same company that found that Canon’s system to the same effect can also be compromised. So if there are sources out there that might have the know-how on this authentication process, its just gotten a lot more difficult for legal and professional purposes, to making sure an image is “real”.