First off, good job by Horshack of dpreview forum fame for discovering the hack that allowed this to happen in the first place. Secondly, I tip my hat to Nikon for reacting very quickly and taking the program offline while they correct the flaw in the image signing process.
Essentially, Horshack discovered a significant vulnerability: a way of getting the Nikon Z6 III to sign an image that the camera never actually took. This way, a falsified image could be inserted and signed, making it appear authentic and genuine for all purposes.
Nikon released a brief and concise message regarding the discontinuation of the program, which was only issued as a beta for the Z6 III's version 2.0 firmware.
"We have confirmed that an issue has been identified in the Nikon Authenticity Service. In response to this confirmation, the service has been temporarily suspended while we work diligently to resolve the issue. We will provide an update as soon as the corrective measures are complete.
"We sincerely apologize for any inconvenience this may have caused."
https://imagingcloud.nikon.com/news/
What are content credentials? As we previously discussed, content credentials aim to ensure that any image actually taken is accurate. They also aim to let anyone see what image processing occurred after the photo was taken.
We are witnessing extraordinary challenges to trust in media. As social platforms amplify the reach and influence of certain content via ever more complex and opaque algorithms, mis-attributed and mis-contextualized content spreads quickly. Whether inadvertent misinformation or deliberate deception via disinformation, inauthentic content is on the rise.
Nikon's own press release for the Nikon Z6 III's version 2.0 firmware stated this about it:
"Nikon is committed to developing an image provenance function that supports confirmation of image authenticity, aiming to protect individuals and enterprises in the imaging industry from any unfavorable results caused by falsification and/or image manipulation, and to realize a society in which creative and business activities can be conducted with greater peace of mind. Z6III firmware version 2.00 includes an image provenance function that complies with the C2PA standard and is part of the Nikon Authenticity Service. By making a prior request through Nikon Imaging Cloud, users can load the digital certificate necessary for recording provenance data onto the Z6III.
"The image provenance function adds metadata – such as information about the equipment used and data that makes it easy to verify whether the image has been tampered with, including a digital signature – to captured image files. This enables users to prove that a photo was taken with a Nikon camera.*2 If the image is then edited repeatedly using C2PA-compliant editing software, additional provenance information can be embedded in the image alongside the original shooting data, making it possible to prove that no misleading edits have been made.*3 In addition, image provenance data can be viewed in Nikon Imaging Cloud."
We hope that Nikon resolves the issue quickly. I think it's admirable for Nikon to take a very public stance on the problem, and it bodes well for confidence in Nikon's credentials in the future. Many thanks to Horshack for discovering the issue and bringing it to the public's attention so that it can be resolved quickly.
Horshack also mentions that EXIF data can be modified while the C2PA verification still passes. This is also a problem that I hope Nikon and other vendors are aware of and will rectify. If it's not just a Nikon issue with signing, I hope other members of the C2PA organization ensure that EXIF data cannot be manipulated. As Horshack commented:
"Many tools like exiftool will rearrange/compact the EXIF data when you use it to modify the EXIF, which will likely invalidate the C2PA credentials. To avoid this you have to update the EXIF data in-place, meaning overwriting the EXIF fields at their current offsets."
This, to me, is alarming because I assumed the EXIF data was part of the signing process, so it could not be modified. But it could also just be that specific EXIF fields are omitted and the multiple exposure flag is one of them.
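A verifier-side way to test that assumption is to audit which bytes a signed hash actually covers. The sketch below is an added example, not code from Nikon, Horshack or any C2PA tool. It assumes a simplified binding that hashes the file minus a list of excluded byte ranges; the sample file, field offsets and the second exclusion range are constructed for illustration, and the page does not establish which bytes the Z6 III's signature covers.

```python
import hashlib
import hmac

def covered_digest(data, exclusions):
    """SHA-256 over data, skipping each (start, length) exclusion range."""
    h, pos = hashlib.sha256(), 0
    for start, length in sorted(exclusions):
        if start < pos or start + length > len(data):
            raise ValueError("overlapping or out-of-bounds exclusion")
        h.update(data[pos:start])
        pos = start + length
    h.update(data[pos:])
    return h.hexdigest()

def verify(data, exclusions, signed_digest):
    return hmac.compare_digest(covered_digest(data, exclusions), signed_digest)

def unprotected_fields(fields, exclusions):
    """Audit: names of fields with any byte inside an exclusion range."""
    return sorted(name for name, (off, size) in fields.items()
                  if any(off < s + n and s < off + size for s, n in exclusions))

# Constructed sample file, not a real JPEG or a real manifest.
SAMPLE = b"SOI" + b"EXIF:Make=NIKON;MultiExp=1;" + b"<MANIFEST>" + b"PIXELS" * 4
FIELDS = {  # field name -> (offset, size) of its value
    "Make": (SAMPLE.index(b"NIKON"), 5),
    "MultiExp": (SAMPLE.index(b"MultiExp=") + 9, 1),
    "Pixels": (SAMPLE.index(b"PIXELS"), 24),
}
# The manifest must be excluded (it cannot hash itself). The second range is
# a hypothetical over-broad exclusion, the kind of gap the audit should flag.
EXCLUSIONS = [(SAMPLE.index(b"<MANIFEST>"), 10), FIELDS["MultiExp"]]
SIGNED = covered_digest(SAMPLE, EXCLUSIONS)  # stands in for the signed hash

def overwrite(data, field, value):
    off, size = FIELDS[field]
    assert len(value) == size  # same size, so no offsets move
    return data[:off] + value + data[off + size:]

def demo():
    return {
        "audit": unprotected_fields(FIELDS, EXCLUSIONS),
        "covered_field_changed": verify(overwrite(SAMPLE, "Make", b"OTHER"), EXCLUSIONS, SIGNED),
        "excluded_field_changed": verify(overwrite(SAMPLE, "MultiExp", b"0"), EXCLUSIONS, SIGNED),
        "layout_shifted": verify(SAMPLE[:3] + b"\x00" + SAMPLE[3:], EXCLUSIONS, SIGNED),
    }

if __name__ == "__main__":
    print(demo())
```

In this model a same-size change inside a covered field fails verification, a change inside an excluded range passes, and any edit that shifts offsets fails, which is why a validator should report every metadata field that falls outside the hashed ranges.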
