Saturday, January 22, 2011

Cracking Image Verification

Dmitry Sklyarov and his colleagues at Elcomsoft have cracked the "image verification" system in high-end Canon cameras; this system digitally signs the photos you take so that any alterations, "touch ups" or other modifications can be detected. Sklyarov (who became a cause célèbre when he broke the DRM on Adobe's ebooks and was thrown in jail by the FBI at Adobe's behest) and his team have a sense of humor -- they've produced correctly signed images of astronauts planting the Soviet flag on the moon and the Statue of Liberty holding a sickle, among others.

The problem is that the HMAC key sits in the camera's RAM in a de-obfuscated form and can be extracted, according to Sklyarov. It is also possible to extract the key from the camera's Flash ROM and manually de-obfuscate it. Canon also released a third version of ODD, which Sklyarov was likewise able to break and forge. Elcomsoft has written a program that can analyze a camera's processor and firmware. The problem is a design flaw and can't be fixed, according to Elcomsoft. Sklyarov said he was able to extract the HMAC keys for the following models: EOS 20D, EOS 5D, EOS 30D, EOS 40D, EOS 450D, EOS 1000D, EOS 50D, EOS 5D Mark II, EOS 500D and EOS 7D.

The problem, of course, is that for this system to work, the camera has to keep a secret from its owner -- and if one camera owner manages to extract the secret, all cameras fall. According to NetworkWorld, Sklyarov offers a silly remedy for this: "Canon should prevent its cameras from running non-Canon code to avoid the use of software tools by an attacker" -- that is, use DRM to control which code can run on a Canon camera (there is a thriving world of hobbyists who have improved the Canon firmware). This has multiple problems. The first, of course, is that it has the same vulnerability as the flaw that Sklyarov just exploited: his solution for making the camera better at hiding a secret from its owner is to hide another secret in the camera to control the bootloader. The scoreboard on device jailbreaking is basically Jailbreakers: Infinity, Firmware: 0. All that adding another secret to the camera will accomplish is to put people who crack it at risk of being punished under the DMCA, the same law that saw Sklyarov imprisoned. Presumably, he doesn't advocate this.

It's perfectly plausible to think that you might hide a key inside a device so well that most of its users will never be able to extract it (for example, it'd be pretty easy to hide a key inside my laptop or camera such that I couldn't get at it). But for this kind of adversarial computing to work, you need to be able to embed a key in a device so perfectly that no one, anywhere, can extract it (because once the key is extracted, I can just download it from the Internet, rather than steaming open my camera's sealed envelope and getting at its secrets). This is just silly, and no one should rely upon any system that is grounded in it.
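To make the "one secret, all cameras fall" point concrete, here is an added illustration (my own code, not Elcomsoft's tool or anything from Canon's firmware). It contrasts a fleet-wide HMAC design, where every camera and every verifier must hold the same key, with a per-camera public-key design, where the verifier holds only public values. The asymmetric scheme is a Lamport one-time signature built from SHA-256 so the example runs on the standard library alone; a real system would use ECDSA or Ed25519, and the fleet key and image bytes are constructed stand-ins.

```python
import hashlib, hmac, os

# Design 1 (the one the post describes): one HMAC key shared by the whole fleet.
FLEET_KEY = os.urandom(32)  # constructed stand-in for the secret every camera carries

def hmac_sign(key, image):
    return hmac.new(key, image, hashlib.sha256).digest()

def hmac_verify(key, image, tag):
    # The verifier needs the same key, so the key must exist in every verifier too.
    return hmac.compare_digest(hmac_sign(key, image), tag)

# Design 2: a per-camera key pair. The camera keeps the private half; verifiers hold
# only hashes, so a key pulled out of camera A signs nothing in camera B's name.
# Lamport signatures are one-time (one key pair per signed image); used here only
# because they need nothing beyond SHA-256.
def _bits(image):
    digest = hashlib.sha256(image).digest()
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_keygen():
    priv = [[os.urandom(32), os.urandom(32)] for _ in range(256)]
    pub = [[hashlib.sha256(s).digest() for s in pair] for pair in priv]
    return priv, pub

def lamport_sign(priv, image):
    return [priv[i][b] for i, b in enumerate(_bits(image))]

def lamport_verify(pub, image, sig):
    return all(hashlib.sha256(sig[i]).digest() == pub[i][b]
               for i, b in enumerate(_bits(image)))

def demo():
    genuine = b"constructed JPEG bytes"
    edited = b"constructed JPEG bytes, retouched"
    # Shared key: an edit to a signed file is caught...
    tag = hmac_sign(FLEET_KEY, genuine)
    edit_caught = not hmac_verify(FLEET_KEY, edited, tag)
    # ...but once FLEET_KEY is out of any one body, a fresh tag over the edit
    # is accepted by every verifier in the world.
    forged_accepted = hmac_verify(FLEET_KEY, edited, hmac_sign(FLEET_KEY, edited))
    # Per-camera key pair: camera A's private key only produces signatures that
    # camera A's public key accepts; camera B is untouched by A's compromise.
    priv_a, pub_a = lamport_keygen()
    _, pub_b = lamport_keygen()
    sig_a = lamport_sign(priv_a, edited)
    return {"edit_caught": edit_caught, "forged_accepted": forged_accepted,
            "valid_for_a": lamport_verify(pub_a, edited, sig_a),
            "valid_for_b": lamport_verify(pub_b, edited, sig_a)}
```

Even in the per-camera design, a key extracted from one body still lets that body's owner sign anything; the gain is that the verifier holds no secret and the damage stops at one serial number rather than the whole product line.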


  1. That's pretty genius. I'm not interested in falsifying images and signing them properly though. I'm more interested in using the image metadata or something to figure out who took the picture. Exifs aren't enough. Anyway, this is brilliant... Funny even.

  2. That problem could become even greater if not fixed soon.

  3. The freedom to crack my own camera sounds like a basic freedom to me.