About 15 years when I got my first digital camera, I noticed that there were always a few dots in the same spots that were bright white/red/green/blue no matter what the settings on the camera were or what the picture was of. I found out these were "hot pixels" and were caused by defects in the sensor. I'd always wondered if someone could create an algorithm to match photos to a specific camera based on hot pixels. It seems like this is exactly that.
Yeah, cameras calibrate out those pixels essentially by taking a photo of total darkness (taking an exposure while the shutter is closed) and discarding any pixels that still read bright. I noticed this happen a while back and the location of the dead pixel was visible if I took a photo of fabric. I could see where the pixel was being interpolated from surrounding pixels. Super subtle, I could only notice by knowing a-priori where the dead pixel was, but something that an algorithm could detect.
I wonder how well this fingerprinting technique works when photos are resized or manipulated, though.
For certain types of photography (for example low-light) it's important to remove them if you care about quality, I think software for getting rid of hot pixels came first. All you need is enough suitable shots from the same camera, so it's sort of trivial. Of course this can also be used as a sort of fingerprint, so it's true that if you want to share photos truly anonymously you need to get rid of those pixels in addition to the metadata.
Laser printers (color ones) are (were?) required to have some sort of built in imperfection because they were too good and could be used for counterfeiting.
I wouldn't be surprised if this eventually is a requirement for cameras, you know, just because law enforcement wants it.
I have a feeling that someone like Samy Kamkar is already thinking about writing a convenient tool to replace the fingerprint of one camera with that of another on a photo.
(Hm, the latest entry on samy.pl is two years old. Is he well?)
Well the Dutch are famous for their work ethic. Seriously, an assertion like that is easy to make but it could well be that they are better about keeping statistics and are more willing to publish them transparently.
Same issue with the numbers on sexual abuse in Sweden, they are more often reported and the definition is broader than the common sense belief. Numbers appear ridiculous (to the point where the alt-right loves taunting Swedes with "rape capital of the world" and such) but it's just a matter of much better statistical collection, and more nuanced (and broader) interpretation of what configures sexual abuse.
It would be far easier to force phone and camera manufacturers to “embed” a fingerprint in the photo than to measure every sensor.
Also these fingerprints in reality are very flaky and the higher the quality of the sensor the less of a fingerprint there is to work with.
The fingerprints are also dependent on specific operating conditions which can change with firmware and operating parameters (e.g. digital zoom / cropping) as well as environmental conditions such as light levels and even temperature.
Most phones do that for you anyhow. Unless there are serious defects in the sensor that would probably mean it would fail QA even for bargain bin phones the amount of “AI” post processing that phones do these days is probably sufficient to erase any sensor fingerprint.
Even with DSLRs and RAW files you often don’t get a RAW output from the sensor all of them do their own “color science” magic and other alterations like denoising too even on the rawest of the RAW settings.
RAW files today just mean that the files are uncompressed or the least compressed since there might be some compression/downsampling happening at readout anyhow and that you get a ton of metadata that can be used by a photo editing app to better work with the image.
The file, but not the image. Also easily removable, although companies have been clearly encouraged to make this difficult in mainstream software and to set maximal defaults. Probably doesn't take much encouragement, because the more metadata, the more automagic.
A lifetime ago, I summarized the techniques of sensor detection for a stackoverflow answer, see [1].
The generic answer is every step of the acquisition/storage process can create artifacts worth analyzing statistically: lens defects, color filter array patterns, imaging sensor noise, color filter array interpolation technique, JPEG quantization coefficient varying per camera/manufacturers...
From reading the article, it looks like it talsk about PRNU[0] without really saying it's PRNU. For a while this technique was known (the earliest papers about it are from the early 2000s) but it was computationally complex at the moment, and the domain of a few very knowledgeable persons. A couple[1] of years ago, MobilEdit finally included a decent UI and implementation of the technique into their software[2], which has made it available. However, I'm unsure if the majority of those who use it truly understand what the technique does and what conclusions you can draw from it.
Oh and great summary on SO FrenchyJiby! It's a good intro to those that aren't aware of what can and can't be done in image analysis :)
Yes, but it sounds like forensic researchers envision this tool being the equivalent to bullet striation. So in other words, law enforcement finds a suspect, captures their camera, photographs RAW images, and then compares the sensor imperfections in the seized camera to known illicit materials.
Of course this breaks down with used sales and camera rentals, especially since those aren’t tracked as intensively as firearms sales.
It’s possibly difficult with one or two images but with several, I’m pretty sure you can apply some sort pattern matching and statistically hit a certainty threshold. The question then becomes, can you use this tech as forensic evidence in a court?
Any camera does a huge amount of processing before even giving you a raw file, in most cases. And any algorithm for data reduction like converting true raw sensor output to processed data, say JPG, is somewhat hash like. But not a cryptographic hash, more like a locality sensitive hash. Of course this can be exploited to identify cameras.
Really old Sinar digital backs came with a calibration file unique to the CCD serial, newer cameras have it embedded in their firmware typically. You can also build these calibration files, but the way you apply it will still leave processing "marks" that someone will be able to pick up.
I wonder if this would still work with cameras like the S22 Ultra which has iirc, ~108MP sensors and uses pixel binning to improve the pic and outputs ~12MP photos. Seems the binning algorithm would obscure many of the 'sins' of the individual pixels and blend the output to something more like what is generically expected from a photo. Or, could the algorithm actually wind up amplifying some of the flaws, perhaps once they got past a certain size?
There are usually blobby patterns to the overall non-uniformity, with tiling for larger (full-frame and up) sensors where the different parts of the sensors are stitched during lithography and commonly vertical lines or groups of lines for differences between the column amplifiers and ADCs (CMOS image sensors usually have one PGA and ADC for every column). You can look at this by searching for dark frames astrophotography people post.
After learning about this, all kiddie pornographers will learn to put their photos through postprocessing to mask any signatures. Activists photographing corporate or government crimes may not take the same precautions.
