Dmitry Sklyarov and co. crack Canon's "image verification" anti-photoshopping tool

Cory Doctorow at 8:21 am Tue, Nov 30, 2010


Dmitry Sklyarov and his colleagues at Elcomsoft have cracked the "image verification" system in high-end Canon cameras; this system digitally signs the photos you take so any alterations, "touch ups" or other modifications can be detected. Sklyarov (who became a cause celebre when he broke the DRM on Adobe's ebooks and was thrown in jail by the FBI at Adobe's behest) and his team have a sense of humor -- they've produced correctly signed images of astronauts planting the Soviet flag on the moon and the Statue of Liberty holding a sickle, among others.

The problem is that the HMAC sits in the camera's RAM in a de-obfuscated form and can be extracted, according to Sklyarov. It is also possible to extract the HMAC from the camera's Flash ROM and manually de-obfuscate it. Canon also released a third version of ODD, which Sklyarov was also able to break and forge the ODD. Elcomsoft has written a program that can analyze a camera's processor and firmware.

The problem is a design flaw and can't be fixed, according to Elcomsoft. Sklyarov said he was able to extract the HMAC keys for the following models: EOS 20D, EOS 5D, EOS 30D, EOS 40D, EOS 450D, EOS 1000D, EOS 50D, EOS 5D Mark II, EOS 500D and EOS 7D.

The problem, of course, is that for this system to work, the camera has to keep a secret from its owner -- and if one camera owner manages to extract the secret, all cameras fall. According to NetworkWorld, Sklyarov offers a silly remedy for this: "Canon should prevent its cameras from running non-Canon code to avoid the use of software tools by an attacker" -- that is, use DRM to control which code can run on a Canon camera (there is a thriving world of hobbyists who have improved the Canon firmware).

This has multiple problems: the first one, of course, is that it has the same vulnerability as the flaw that Sklyarov just exploited; that is, his solution for making the camera better at hiding a secret from its owner is to hide another secret in the camera to control the bootloader. The scoreboard on device jailbreaking is basically Jailbreakers: Infinity, Firmware: 0. All that adding another secret to the camera will accomplish is to put people who crack it at risk of being punished under the DMCA, the same law that saw Sklyarov imprisoned. Presumably, he doesn't advocate this.

It's perfectly plausible to think that you might hide a key inside a device so well that most of its users will never be able to extract it (for example, it'd be pretty easy to hide a key inside my laptop or camera such that I couldn't get at it). But for this kind of adversarial computing to work, you need to be able to embed a key in a device so perfectly that no one, anywhere, can extract it (because once the key is extracted, I can just download it from the Internet, rather than steaming open my camera's sealed envelope and getting at its secrets). This is just silly, and no one should rely upon any system that is grounded in it.

Analyst finds flaws in Canon image verification system
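The post's point that one extracted key makes every camera's signature worthless can be seen from the verifier's side. The following is an added example, not code from the post, Elcomsoft or Canon: it compares a model-wide HMAC key with per-camera keys plus a revocation list, and goes beyond the post by using a symmetric key-diversification scheme. HMAC-SHA256, the serials `CAM-A`/`CAM-B`, all keys and the function names are assumptions made for illustration; Canon's actual data format is not modelled.

```python
import hashlib
import hmac

def tag(key: bytes, image: bytes) -> bytes:
    """HMAC-SHA256 over the image bytes (stand-in for the camera's signing step)."""
    return hmac.new(key, image, hashlib.sha256).digest()

def verify_model_wide(model_key: bytes, image: bytes, mac: bytes) -> bool:
    """Design described in the post: every camera of a model shares one key."""
    return hmac.compare_digest(tag(model_key, image), mac)

def device_key(master: bytes, serial: str) -> bytes:
    """Hypothetical per-camera key, diversified from a master key the verifier keeps."""
    return hmac.new(master, b"device-key|" + serial.encode(), hashlib.sha256).digest()

def verify_per_device(master: bytes, revoked: set, serial: str,
                      image: bytes, mac: bytes) -> bool:
    """Accept only a tag made with this serial's key, and only if not revoked."""
    if serial in revoked:
        return False
    return hmac.compare_digest(tag(device_key(master, serial), image), mac)

def blast_radius() -> dict:
    """Compare what a single extracted key is still accepted for under each design."""
    original = b"constructed image bytes"
    altered = b"constructed image bytes, altered"
    # Constructed sample keys for the demonstration only.
    model_key, master = b"model-wide-sample-key", b"verifier-master-sample-key"
    leaked_a = device_key(master, "CAM-A")  # key recovered from camera A only
    forged = tag(leaked_a, altered)
    return {
        # Shared key: an altered image verifies, for any camera of the model.
        "shared_altered_verifies":
            verify_model_wide(model_key, altered, tag(model_key, altered)),
        # Per-device: A's key still validates altered images claimed as A's ...
        "perdev_own_serial": verify_per_device(master, set(), "CAM-A", altered, forged),
        # ... but not images attributed to another camera ...
        "perdev_other_serial": verify_per_device(master, set(), "CAM-B", altered, forged),
        # ... and nothing at all once CAM-A is on the revocation list.
        "perdev_after_revocation":
            verify_per_device(master, {"CAM-A"}, "CAM-A", altered, forged),
        # Untouched images from a non-revoked camera keep verifying.
        "perdev_honest_b": verify_per_device(
            master, {"CAM-A"}, "CAM-B", original,
            tag(device_key(master, "CAM-B"), original)),
    }

if __name__ == "__main__":
    for name, accepted in blast_radius().items():
        print(f"{name}: {accepted}")
```

Per-camera keys only narrow the damage to one serial until it is revoked; the verifier's master key in this sketch is itself a secret that must never reach a camera or a distributed verification kit.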

 

I write books. My latest is a YA science fiction novel called Homeland (it's the sequel to Little Brother). More books: Rapture of the Nerds (a novel, with Charlie Stross); With a Little Help (short stories); and The Great Big Beautiful Tomorrow (novella and nonfic). I speak all over the place and I tweet and tumble, too.


  • jimkirk

    Fake, I can tell by the pixels.

    Somebody had to say it.

    • Grey Devil

      Ur doin it wrong.

      That’s shooped. I can tell because i’ve shooped a lot of woops in my time.

  • ocschwar

    The solution for authenticated cameras is simple: a unique key stored in a crypto chip on each camera, so that it can be extracted, but not without visibly physically tampering with the camera case. Then people who need cameras for evidentiary purposes have them, and the rest of us do whatever we want.

  • Anonymous

    You do not need to have a device know a secret to provide trusted computing. The bootrom can check a digital signature of the next stage with asymmetric encryption. It might help to actually understand the technology behind the random concepts you find abhorrent.

  • Anonymous

    Why did they manipulate images of the USA with Soviet imagery? Canon is a Japanese company.

  • JonS

    The ‘key’ to authenticated cameras is really REALLY simple: use film. If chain-of-evidence is really that important, then suck it up and deal with the cost and slight inconvenience.

    What *is* it with the US and digital everything?

  • Lobster

    This won’t be so cute when it reappears in 2 years as “secret Obama plans for Statue of Liberty.”

    • Purplecat

      Or when it’s
      “See- the moon landing was obviously faked. That picture shows the reverse of the soviet flag, which was actually plain red. And the legs on the LK landing module don’t match the published design specs!
      -crackmonkey74”

  • DWittSF

    They should have spoofed a pic of Stonehenge.

  • Anonymous

    A “sickle”? Really?

  • Anonymous

    Hardware security modules do exist which would make any tampering cause the device to clear its contents. But to expect such a device in a piece of consumer electronics is a bit much.

  • jgs

    “there is a thriving world of hobbyists who have improved the Canon firmware”

    Where? Want.

  • Anonymous

    Wait. Can’t you just take a picture of a photoshopped print?

  • Bill Barth

    I applaud this work, but I’m a bit confused about the supposed win against DRM that this represents. Isn’t the point of the verification kit to help law enforcement preserve the chain of evidence when they take digital photos?

    This work is good in that it shows (yet again) that keeping secrets from end users is hard, but it also now gives criminals a defense at prosecution, “You doctored that evidence!” even if the police investigators were trying to act honestly. Some system of digital evidence preservation and provenance seems like it would have value in this world. It’s too bad that such a beast is too hard to create.

    • mausium

      “This work is good in that it shows (yet again) that keeping secrets from end users is hard, but it also now gives criminals a defense at prosecution, “You doctored that evidence!” even if the police investigators were trying to act honestly.”

      There was always the potential to abuse this, from both “criminals” AND law enforcement. The latter does have access, so better that this “verification” does not become considered reliable evidence in and of itself.

  • Hubert Figuiere

    Now how many (criminal) convictions have been based off this authentication? That’s what people get for using obscure systems: a big surprise.

  • mcherm

    A more effective technique (from Canon’s point of view) would be for each individual camera to have a unique key, all signed by a master key. Canon would protect the master key quite jealously and tools that verify images could be coded to approve the image if (1) it is signed by a key derived from the master, AND (2) the signing key is not on a revocation list. Then Canon merely needs to be at least as good at finding cracked keys as the person trying to download the key.

    This protects against minor cases of forgery. Truly motivated individuals will just buy a camera and crack its key then not distribute that to anyone else, so it won’t wind up on a revocation list.

    • Anonymous

      Because that worked _really_ well for HDCP…

  • Stooge

    Cory, you’ve quoted out of context to get your ‘silly remedy’.

    What the article actually said was:
    “With future models, Sklyarov wrote that Canon could implement an HMAC calculation in a cryptoprocessor that does not expose it. Also, Canon should prevent its cameras from running non-Canon code to avoid the use of software tools by an attacker.”

    Jailbreaking a system with cryptoprocessor-based code signing is generally nontrivial.

  • janpublic

    I think the analysis after this section is incorrect “Canon should prevent its cameras from running non-Canon code to avoid the use of software tools by an attacker”. You don’t need a secret in the camera to make this work. You can use public key cryptography and just make sure, with the public key stored on the camera, that all code that runs has been signed by the private key that Canon uses. The only thing secret needs to be Canon’s signing key which they can keep safely locked up at HQ.

  • peterbruells

    Who cares about the DRM. I want to read about Conrade Washington, ending the reign of British capitalists and establishing the USSA.

  • Anonymous

    Canon does take steps to prevent unauthorized code from running on their cameras: the firmware images are AES encrypted, signed with a SHA1 HMAC and a few other tricks. But, like almost all mass-market, end-user devices, they don’t do a very good job of it. As a result, it doesn’t stop me from building my own custom Magic Lantern firmware images for the 5Dm2 and 550D.

  • Anonymous

    Waste of time. 7D owners want some manual audio levels!

  • artaxerxes

    I think the sickle may be a visual shout-out to Stalin, who as a Creative Director, was perhaps the most influential pioneer in the field of image re-touching in the 20th Century.

  • Grey Devil

    Somewhat related to the post but going off on another tangent. Cameras often have a lot of features gimped by their own firmware on purpose, because the camera-maker wanted to save some of those features for a higher end camera. Other times it’s silly reasons like zoom being disabled while taking video because the zoom mechanism makes too much noise and would be picked up by the mic. So they are making decisions for me on what i want to do with my camera despite some downsides.

    Anyways, after contemplating this I’ve been waiting for an open source camera. Where the features are pretty much set by the hardware, not the software. And people can go in and change things around to improve the experience of using the camera. If something like this already exists i am blissfully unaware of it, but still i would like to see large camera brands to adopt this. I’m tired of seeing small improvements from camera generation to generation, and most of those improvements are to the firmware. I can’t help but feel ripped off.

  • Anonymous

    google: chdk

    • jgs

      “google: chdk”

      Thanks. Looks like it doesn’t cover the SLRs though.

      • Anonymous

        google: magic lantern

        The two supported Canon DSLR models are the 5D Mark II and the 550D/T2i.