Huge Security Hole Found In Many Nikon Cameras
Researchers have recently discovered a flaw in the system used by Nikon professional digital cameras, the same system that ensures that images have not been tampered with. What usually happens in high-end SLR digital cameras is a unique and encrypted signing key is assigned to an image when it is shot. This image is then verified by Nikon’s proprietary Image Authentication System. When an image gets edited, this key is overwritten, and the software does this automatically.
A Russian company named Elcomsoft has recently discovered a way to extract the original verification key so it can be attached to any image regardless of whether it has been edited or not. The security hole affects many Nikon digital cameras’ verification system; specifically the D3X, D3, D700, D300S, D300, D2Xs, D2X, D2Hs, and D200 SLRs.
Although Elcomsoft has not yet offered an explanation of how it found the security hole, it has published proof-of-concept images to back up its claim. Why is this such an issue? Image verification systems were implemented to make digital images admissible in court as well as provide the gold standard of proof on whether an image is real or not. The researchers wrote about this issue directly to Nikon, and after not receiving a response for “quite a long time”, they decided to leak the information out to the public.