The Old Joel on Software Forum: Part 3 (of 5)

Virus from a poster?

do you (yes YOU!) think they could make a virus that would crash a digital camera (or PC displaying a photo) if you took a photo of a certain poster? Like maybe a poster made to look like one of those 3D magic eye things but it really was just a nasty pattern that when photographed would crash your camera?

I know it seems like a silly question, but I was just having a review of "Whiteboard Photo" and it got me thinking.

ChrisO
Tuesday, January 6, 2004

If the camera is taking pictures in RAW mode, I think the answer is no, since the stored image is just a straight capture of the information stored by the cameras CCD or CMOS sensor. There's not really anything for the data in the image to crash.

I would think it's theoretically possible to find a vulnerability in the image processing software inside a particular camera (the routines that convert the raw data to JPEG, do in-camera sharpening and color adjustment, etc.), and find some way to exploit it, but it seems incredibly unlikely to me.

Interesting question though.

Mike Treit
Tuesday, January 6, 2004

>> "do you (yes YOU!) think they could make a virus that would crash a digital camera (or PC displaying a photo) if you took a photo of a certain poster?"

Interesting question... I just read a short story about a virus that would crash a human mind if you took a look at a certain poster:

"Different Kinds Of Darkness" by Hugo winning author David Langford is one of the best tales of this issue. Scientists discover a new form of optical illusion that does not just fool the eye as do the more mundane sort we know. It induces seizures and death in the viewer. Worse, terrorists have taken them and presented them on TV or displays in public areas, killing millions. So children are equipped with a microchip at birth that allows the adults to filter and control what they see. The story itself follows a group of children at a boarding school as they explore their induced disabilities even as they stumble across a solution to the terror. This is a wonderful tale with a fresh idea, and an odd point of view that is just right."
-James S. Reichert Tangent Online

http://www.fictionwise.com/ebooks/Ebook750.htm

bob
Tuesday, January 6, 2004

Assuming a digital camera is using simple compression algorithms there really should be no danger of that.

CMOS basically captures these raw data 0-255 byte by byte and throws it at at the hardware jpeg farm a few transistors away. It isn't so hackable because of the following:

* The CMOS can only capture so many pixels, so there's no worry of storage overload there.

* Algorithmic overloads? The jpeg farm works on blocks and neighboring blocks, unlikely to over load for any reason.

However, if you are talking about a software loading an image file (or a malicious user intentially corrupting a memory card destined to be read by a digicam), that's altogether a different (and more vulnerable) attack... most software or hardware image manipulators and clients will cheat (not enough assertions) when it parses the descriptors and data in a file, opening the possibility of certain types of overflow attacks. Assuming you know the algorithm being used (like that of LivePicture) you may be able to send certain attacks to such a utility using the right files, but giving a camera seizure by showing a picture is pretty unlikely.

Li-fan Chen
Tuesday, January 6, 2004

In theory: yes. I could hypotetically deliberatly build camera software that crashes e.g. when the right half of the image is predominently red, and the left side predominently green.

In practice: not until you show me the evidence.
Even discovering a flaw e.g. in the compression it would be quite a coincidence if it was simple enough to
a) not occur in normal usage so it would have passed QA and
b) have enough margin to be reliably triggered by something as vaguely specified as "photograph of a certain poster"

Just me (Sir to you)
Tuesday, January 6, 2004

>b) have enough margin to be reliably triggered by something as vaguely specified as "photograph of a certain poster"

Isn't that the question. I mean, you are talking about having code embedded in the poster, such that the code can execute itself (by loopholes and flaws in the camera's builtin os/applications).

But how do you ensure that the picture is taken correctly? What if it is taken at a slight angle, wouldn't the hidden code remain invisible? etc etc

Aussie Chick
Tuesday, January 6, 2004

If the idea is that the picture translates into code when photographed I would say in practice not possible. The chips that capture the image are not contrast based but rather register absolute light levels. Even ignoring the variation between chips how could one predict the exact level of ambient light when photographing the poster? Thus the bytes in the camera could never be predicted thus no specific code imposed.

If you are talking about busting the jpeg algorithm, it sounds unlikely but I don't really know.

Name withheld out of cowardice
Tuesday, January 6, 2004

Lots of programmers optimize for average-case, not worst-case. A possible attack is an image that forces a processing routine to go slow. This is indeed one way webservers are attacked using a minimum of bandwidth. People even inadvertently attack themselves when trying to compress something that's already very compressed.

Of course, though I've rarely used one, digital cameras seem to be pretty good input filters.

The paranoias of being a programmer... Data IS code.

Tayssir John Gabbour
Tuesday, January 6, 2004

Hmmm..interesting concept.

However, I would say this would be virtually impossible to pull of. The lighting of the poster (or whatever) would have to be precisely what the attacker needed, not to mention the angle as well focal length of the lens.

Interesting, but highly unlikely.

Mark Hoffman
Tuesday, January 6, 2004

I like this... this is an interesting idea.

I think there is another place where some exploits might be available. I think the gap may lay in the software used to interperlate the image. The exception to this would be the Sigma SD9 and a photo taken in raw mode. When a picture is taken with a typical digital camera there are holes in the image that need to be filled in to complete the image. The cameras have software (algoritums that depend on the maker and the chip type) that interperlates the missing pixels and completes the image before converting it to a jpeg or tiff.

I know different companies have had some real problems with the code that does this and they have been forced to teach photo guys how to update the programs in their cameras. Then you look at some of the new 22 mega pixel digital backs that are out there (or soon to be) and I start to wonder if taking in that much info makes it easier to exploit a flawed algorithm?? The shots I saw from the new Hasselbald back were unreal they were picking up subtle veins under the models skin that a conventional 4x5 would just pick up as well. If anything there has to be some interesting ways to distribute imbedded information within an image that big.

Just an interesting idea in general.

Jeff
Tuesday, January 6, 2004

Errors of some cameras might be exploited to produce an image in the final result, that isn't visible when the poster is viewed in person. This could lead to a social attack.

Emergent properties are scary...

Tayssir John Gabbour
Tuesday, January 6, 2004

Like I said it was just a thought that popped in my head when reviewing that program and I thought was interesting so I posted it here.

I did think of those issues such as the photo would have to be taken at the correct focal length and lighting conditions, but thanks for those explanations of the way digital cameras capture images.

Who knows, maybe with 22 Megapixel cameras (How did they make them? Mine is only 2MP!) it may happen.

ChrisO
Tuesday, January 6, 2004

Taking a picture with a digital camera is more involved than just opening a shutter and letting light shine in. It does things like determine shutter speed, autofocus, determine if flash is needed, etc.

It might be possible to spoof one of these measurements to cause the camera to crash too, regardless of the image.

pdq
Tuesday, January 6, 2004

"Who knows, maybe with 22 Megapixel cameras (How did they make them? Mine is only 2MP!) it may happen."

Ahh that bad boy is only in a couple hands right now. Not sure on the technical details yet (I missed going to photo101.info where a presentor had one to show off). I have seen some prints from the camera and some raw images and they were unreal.

http://www.imacon.dk/sw1417.asp

That back will be in the $20k range without the body when it does come out.

Jeff
Tuesday, January 6, 2004

This is similar to the main idea of Neal Stephenson's 'Snow Crash'. If you haven't read it, do!

Chris Andrews
Tuesday, January 6, 2004