Canon “Original Data Security” Cracked, Rendered Useless

Canon’s OSK-E3 Original Data Security Kit, which is used to prove the authenticity of photos, may have just been rendered useless thanks to a vulnerability discovered by Russian forensic software firm, Elcomsoft.

The authenticity of a photograph is of the utmost importance in court cases and other commercial and industrial applications.

“The Original Data Security system was intended to ensure that images, taken with a compatible Canon camera, are unaltered in any way and contain the original valid GPS data. The system was designed to prove image originality as well as time and place of the capture. The intent of the system was to protect the integrity of images shot as evidence. According to Canon official announcement, the credibility of photographic evidence is directly linked to its legitimacy when making legal decisions. The Canon data security system is being used by world leading news agencies including Associated Press as effective means to ensure that each agency’s photo manipulation policies are enforced.” -Elcomsoft

According to Elcomsoft, the company has “proven the system to be far from bullet-proof. The company was able to extract signing keys from Canon digital cameras, use the keys to sign an altered image and successfully validate fake photos with Canon Original Data Security Kit (OSK-E3).”

To prove its point, Elcomsoft has published a number of manipulated images (shown below) that the company successfully validated with Canon’s Original Data Security Kit.

[Elcomsoft via Help Net Security]