Canon Original Data Security System Vulnerability
OSK-E3 is proved useless
The credibility of photographic evidence becomes vital in numerous situations for insurance companies and courts, as they may accept digital image as indisputable evidence if it can be proven genuine. However, the discovered vulnerability in Canon Original Data Security system proves that verification data can be forged and, thus, the whole verification system cannot be relied upon.
In brief, modern DSLR (Digital Single-Lens Reflex) cameras produced by Canon feature Original Data Security system which is meant to securely validate the authenticity of image data and prove image genuineness. Accordingly, one can use OSK-E3 (Canon Original Data Security Kit) which comprises smart card and special software to verify a digitally signed image.
ElcomSoft discovered the vulnerability which allows producing images that will be positively validated by Canon’s own Original Data Security Kit (OSK-E3) regardless of whether or not the images are, in fact, genuine.
We will also talk about this vulnerability in detail at Confidence 2.0 in Prague on November 30, 2010 (today) at 15:30-16:30 (GMT+1) Track 1:
Check out Dmitry Sklyarov’s presentation: Forging Canon Original Decision Data. File size: 396 K
Read about the vulnerability in the press:
Try the following images
Here you can try our edited photos that successfully pass authenticity verification. Click the images to open and download the files in high resolution and test them with Canon OSK-E3 if you doubt.
Original images produced by: NASA, Koutarou Tanaka, suzu-sinn, Centro Ufologico Taranto and some others (they know).