MOSCOW, April 28 /CNW/ - ElcomSoft Co. Ltd. researched Nikon's Image
Authentication System, a secure suite validating if an image has been
altered since capture, and claims to have discovered a major flaw in
the manner the secure image signing key is being handled. The original
signing key was extracted from a Nikon camera; manipulated images with
valid authentication signature were produced. The forged images
successfully pass validation with Nikon Image Authentication Software.
ElcomSoft asserts that all past and current Nikon cameras supporting
Image Authentication are affected, including Nikon D3X, D3, D700,
D300S, D300, D2Xs, D2X, D2Hs, and D200 digital SLRs. ElcomSoft notified
Nikon and CERT about the issue. No response was received from the
About Nikon Image Authentication System
Nikon Image Authentication enables users to determine whether an image
has been altered after being shot. According to Nikon, the system
provides proof of image authenticity for the purpose of law
enforcement, insurance, businesses, and media agencies.
Credibility of photographic evidence is vital. Courts, insurance
companies and the media may accept digitally signed photographs as
valid evidence. Many famous fakes were produced by enthusiast
photographers, journalists, editors, political parties, and even the US
To address the issue, Canon and Nikon developed image authentication
systems. In 2010, ElcomSoft claimed to have found a major security flaw
in Canon's image authentication system, which has not been addressed up
to this day.
ElcomSoft believes that a similar vulnerability exists in Nikon's
system, allowing image authentication data to be forged. As a
consequence, they believe the system cannot be trusted, and that
successful image verification by Nikon Image Authentication Software
cannot be treated as proof of authenticity.
ElcomSoft believes that the ultimate vulnerability lies in the way the
image signing key is being handled. The signing cryptographic key can
be extracted from the camera and used to sign any picture, genuine or
not. The signed image successfully passes validation with Nikon Image
About ElcomSoft Co.Ltd.
Founded in 1990, ElcomSoft Co.Ltd. develops state-of-the-art computer
forensics tools, provides computer forensics training and consulting
services. Since 1997, ElcomSoft has been providing support to
businesses, law enforcement, military and intelligence agencies.
ElcomSoft tools are used by most of the Fortune 500 corporations,
multiple branches of the military all over the world, foreign
governments, and all major accounting firms.
Manipulated images passing validation by Nikon Image Authentication
Software are available at http://nikon.elcomsoft.com
SOURCE ElcomSoft Co.Ltd.
For further information:
Contact: Olga Koksharova / email@example.com / Tel: +7(495)974-1162