Nikon Image Authentication System Cracked
April 29, 2011 /Photography News/ Just months after Canon's camera encryption was cracked, the same team has claimed that it has managed to crack Nikon's authentication system.
Nikon Image Authentication enables users to determine whether an image has been altered after being shot. According to Nikon, the system provides proof of image authenticity for the purpose of law enforcement, insurance, businesses, and media agencies.
Russian encryption specialist ElcomSoft researched Nikon's Image Authentication System and claims to have discovered a major flaw in the manner the secure image signing key is being handled. The original signing key was extracted from a Nikon camera, and manipulated images with valid authentication signature were produced. The forged images successfully pass validation with Nikon Image Authentication Software.
ElcomSoft asserts that all past and current Nikon cameras supporting Image Authentication are affected, including Nikon D3X, D3, D700, D300S, D300, D2Xs, D2X, D2Hs, and D200 digital SLRs.
Because digital photographic evidence is so often relied upon in court, as well as in politics, Vladimir Katalov from ElcomSoft says Nikon's image problem could have serious ramifications.
"If ElcomSoft, a small company, has done it, there's no guarantee whatsoever it has not been done before or will not be done after," Katalov said.
ElcomSoft notified Nikon and CERT about the issue. No response was received from the vendor.
In late 2010, ElcomSoft performed a security analysis of Canon’s proprietary image authentication system. Similar to Nikon’s, the system was supposed to prove image authenticity in the eyes of the media, law enforcement, government, and business organizations. As demonstrated by ElcomSoft, a major security flaw exists in Canon’s implementation, which has not been addressed in any way even today, after half a year after discovery according to ElcomSoft blog.