Canon "Original Data Security Kit" proved useless

Canon Original Data Security System Vulnerability

Modern DSLR cameras produced by Canon feature Original Data Security system which is meant to securely validate the authenticity of image data and prove image genuineness. Accordingly, one can use OSK-E3 (Canon Original Data Security Kit) which comprises smart card and special software to verify a digitally signed image.

ElcomSoft discovered the vulnerability which allows producing images that will be positively validated by Canon’s own Original Data Security Kit (OSK-E3) regardless of whether or not the images are, in fact, genuine.

I first mocked this snake-oil in 2005: I'm glad someone finally got around to cracking it.

Tags: , ,