Here is an update on the major vulnerability in Nikon’s C2PA feature, which a long-time NR reader and contributor, Horshack detected. Nikon has sent out a new notice, informing users that all C2PA certificates issued will be revoked. Here are the details: In my recent major vulnerability post I had my C2PA-enabled Z6 III sign a photo from my non-C2PA “imposter” Z6 III. That was a photo of a screenshot, but I also claimed it should be possible to have the camera sign any digital image data I can stuff into the NEF. Today that is a manifested reality. I have written an NEF data encoder, which lets me to take a regular digital image file like a TIFF and encode it using Nikon’s proprietary NEF lossless compression. That encoded data can then be grafted on top of a skeleton NEF from my imposter Z6 III, which is used by my C2PA-enabled Z6 III to take a C2PA-signed jpg via the multi-exposure vulnerability. To be clear, this is not a photo of a screenshot but a 1:1 digital copy of a source image that’s been encoded into an NEF compressed bayered format. I present “Pug flying a commercial jet”, a Gemini-created and AI-upscaled image signed by my C2PA-enabled Z6 III: Gemini-created AI image, signed by my Z6 III And here is the C2PA online verifier report for the above image: Online C2PA verifier report You’ll notice the image is monochrome / two-toned – right now I’m using a rudimentary image -> bayer conversion...
Published By: Nikonrumors - Yesterday