ElcomSoft cracks Canon’s Digital Signature Algorithm
In an attempt to stem the many photoshopped images that wind up on the front pages of major newspapers, Canon has integrated a special crytographic security measure that allows someone to determine if the image is an original or has been altered.
In brief, modern DSLR (Digital Single-Lens Reflex) cameras produced by Canon feature Original Data Security system which is meant to securely validate the authenticity of image data and prove image genuineness. Accordingly, one can use OSK-E3 (Canon Original Data Security Kit) which comprises smart card and special software to verify a digitally signed image.
Unfortunately, ElcomSoft today revealed a vulnerability in their algorithm that allows anyone to cryptographically sign any image so that it appears authentic.
ElcomSoft discovered the vulnerability which allows producing images that will be positively validated by Canon’s own Original Data Security Kit (OSK-E3) regardless of whether or not the images are, in fact, genuine.
See some humorous images on their site, as well as the PDF detailing the vulnerability.