ElcomSoft Researchers Discover Vulnerability in Canon Original Data Security System

MOSCOW, November 30, 2010 /PRNewswire/ -- ElcomSoft Co. Ltd. discovered vulnerability in Canon's Original Data Security System, a validation system to guarantee authenticity of digital images captured with supported Canon Cameras. The vulnerability opens the possibility to produce images that will be positively validated by Canon's own Original Data Security Kit (OSK-E3) regardless of whether or not the images are, in fact, genuine.

After performing analysis of Canon hardware, ElcomSoft researchers were able to extract secret keys used to calculate authentication data from Canon EOS digital cameras, and use the keys for adding authenticity signatures to a set of manipulated digital images. The images signed with an extracted key come validated as being original and authentic by Canon's Original Data Security Kit (OSK-E3).

The vulnerability exists in all Canon cameras manufactured to this day and having the security feature. All current cameras are susceptible, including the entire range of consumer cameras (e.g. Digital Rebel XS, also known as EOS 1000D in Europe and Kiss F in Japan), semi-pro and professional series, including the latest EOS-1D Mark IV.

ElcomSoft is not releasing any technical detail. However, the company made Canon aware about the vulnerability by notifying the vendor as well as CERT Coordination Center as a trusted third-party.

ElcomSoft published a set of manipulated images successfully passing validation with Canon Original Data Security Kit OSK-E3 at http://canon.elcomsoft.com/

About Canon Original Data Security System

The Original Data Security system was introduced by Canon as means to securely validate the authenticity of image data and prove image originality, ensuring that images and their meta-data such as geo-location information are unaltered in any way. World leading news agencies, including Associated Press, use Canon Original Data Security system as means to ensure image originality and authenticity.

About ElcomSoft Co.Ltd.

Founded in 1990, ElcomSoft Co.Ltd. develops state-of-the-art computer forensics tools, provides computer forensics training and computer evidence consulting services. Since 1997, ElcomSoft has been providing support to businesses, law enforcement, military, and intelligence agencies. ElcomSoft tools are used by most of the Fortune 500 corporations, multiple branches of the military all over the world, foreign governments, and all major accounting firms. ElcomSoft and its officers are members of the Russian Cryptology Association. ElcomSoft is a Microsoft Gold Certified Partner and an Intel Software Partner. More information at http://www.elcomsoft.com/

    ElcomSoft Co. Ltd.

    http://www.elcomsoft.com/

    [email protected]

    Katerina Korolkova
    +7-(495)-974-1162
    [email protected]

SOURCE Elcomsoft Co.Ltd.