Nine years after being detained in the United States, Russian programmer and encryption expert Dmitry Sklyarov has cracked Canon’s encryption system. Should we be worried?
The story of Dmitry Sklyarov began back in 2001 when the FBI arrest him after presenting information about cracking encryption of an Adobe Systems eBook electronic book format. Charged with criminal violations of the DMCA, Adobe back off its support of the case and eventually Sklyarov was acquitted.
Fast forward to 2010 and Dmitry Sklyarov is back in the spot light, but this time with the help of his company, Elcomsoft. News came in this morning that Sklyarov and his company had found a vulnerability in Canon’s OSK-E3 system for ensuring that photos such as those used in police evidence haven’t been tampered with.
Simply put, the encryption has been cracked and now Sklyarov and his company can doctor photos without detection. To illustrate a point, several photos (seen below) were released — all of which pass Canon integrity checks.
For the moment Canon has not responded on the situation and a request for comment fell on deaf ears. To Sklyarov’s credit, he discussed the method in a conference where he offered some advice on how Canon could fix the issue in future cameras. Along with the technical advice he recommended that Canon, “hire some people who really understand security”.
The new question is whether the FBI made a mistake back in 2001 when their case against Dmitry Sklyarov crumbled under the court of the law. Granted, he is doing his due diligence to make sure Canon is aware of the issue and he’s even offered up some technical details, but had he been convicted back in 2001 there’s no telling whether this vulnerability would have been uncovered. Now it’s your turn to let us know what you think — is Dmitry Sklyarov out to help or hurt Canon?