Turkish Airlines_330

Can you tell if a picture is fake?

Click to see full image.

Click to see full image.

Internet is already full of digital images and more is added every day. Digital pictures have become a cheap way for journalists to tell a story and ordinary people upload tons of them to social media. It’s quicker and easier to snap a shot and upload than to describe where you are and what the place looks like.

Photographs have always been seen as some kind of proof. Like a captured piece of reality. We are however aware of the fact that photographs can be manipulated. Digital image processing has revolutionized this area and brought amazing new techniques to us. But image manipulation has actually been a known technique since photography was invented. It is amazing to see what a skilled person can do to traditional images in the darkroom. Not to mention the fact that you can lie a lot just by taking the picture in a certain way.

This article is about our relationship to the digital images on the net. There’s a lot of manipulated pictures out there, but are you able to recognize a fake? And are you even alert and aware that the picture may not be the full truth? We are all confronted with many pictures a day that aren’t completely real. Objects may be added or removed, or heavy retouching has been used to make models look better. Here’s some concrete hints about how to tell the fakes from the real ones.

  • In what context is the picture presented? Image manipulation is the norm in some contexts, like product and fashion photography, and some kinds of artistic photo. News agencies and nature photographers on the other hand have strict ethical rules against manipulation. First think about if manipulation is to be expected and if it should be accepted. Does it matter if the photo isn’t real?
  • Is the image realistic overall? Some manipulated images are so surrealistic that you can dismiss them as unreal at once, even if they are very well done technically. Ask yourself; can this be real? See the illustration to this article for an example.
  • Do you have access to several shots from the same scene? Are there discrepancies between them?
  • Are light and shadows similar between objects in the picture? Pay attention to which side is lighter, how hard the light seem to be and how the objects cast shadows. Needless to say, objects close to each other get the same light in real life. If they are illuminated differently, they may originate from different photos. Also pay attention to the environment. From what direction is the light supposed to come?
  • Is the perspective right? Getting this right is always a challenge when combining objects from different pictures. Just look at the shot and trust your gut feeling. Pictures with minor perspective errors do often feel wrong even if you can’t tell what the problem is.
  • Does the objects’ edges look right? A lot of work may go into the edges when putting something in front of a new background. They often give away the fake if they are done sloppily or with lacking skills. Pay special attention to people’s hair as that is hard to mask.
  • Image manipulation often requires filling areas to replace removed objects. Patterns that repeat in an unnatural way is a sure sign of sloppy cloning. Cloning can also be used to multiply an object, but several identical object do rarely look exactly identical in a real photo due to differences in perspective and lighting. It’s fishy if they look identical in a picture.
  • Is the color consistent? Do different parts of a human’s body have the same skin color? An object’s apparent color depends very much of the illumination’s color temperature. Do the different objects have a consistent color cast?
  • All digital capture devices leave some kind of structure in the picture. Most notable is the noise produced by digital cameras. You can check that this structure is constant over the whole picture if you have access to a fairly hi-resolution image. It’s futile to try this on small images from on-line news sites.
  • Metadata is data hidden inside the image files. One important piece of data is the software used to save the file. A camera model name would indicate no manipulation at all. Workflow programs like Adobe Lightroom and Apple Aperture are typically used to do moderate adjustments of images, but no real manipulation. The image may be heavily manipulated if it is saved by Photoshop. But this does on the other hand prove nothing as you can do minor adjustments is Photoshop too. Also remember that this data may be lacking or even forged.
  • Even if a picture is totally genuine, it may be misleading if presented in the wrong context. Like someone using a picture of somebody else for a dating site profile. Here Google Image search comes in handy. Click on the camera to the right in the search field to open “Search by image”. Upload a copy of the image or paste in a link to it on the net. Google will search for images that look the same regardless of what context they are published in. This can often reveal that the image was found on the net rather than taken by someone who has posted it as his own.

That’s a quick list of things that help you spot the fakes. Using these hints require some training, but you will soon start seeing the manipulations if you keep them in mind when looking at images. But is it possible to make a perfect fake that is undetectable? Yes, especially if a skilled artist can work on a high resolution image and the result is scaled down to be published on the web. That down-sampling can hide the signs of manipulation effectively and make the fake practically undetectable for laymen. Scientific analysis methods are more capable, but they are not available to us mortals. And they may also fail to detect good fakes.

So the moral of the story is really that a photo shouldn’t be trusted too much unless its background is known and we know what ethical principles the photographer and publisher adhere to. News agencies typically pay attention to this and promise us authentic news pictures. These pictures are typically trustworthy, even if scandals do occur.

Safe surfing,Micke

PS. This funny video is one of my favorites on YouTube.

More posts from this topic

23717191060_edfd6a465b_k

Don’t ruin our trust in the update process!

We can see signs of a disturbing trend. Nowadays there is a built-in update process in almost every software product, and the automatic updates are essential for our devices’ security. The main driver to implement them was to be able to reach out quickly when vulnerabilities are discovered. And most users got the message. We understand the need for updates and let them be installed promptly. This is great from security point of view. So I’m very sad to see increasing misuse of users’ trust in the updates. Apple is making headlines right now with the “Error 53 scandal”. In short, upgrading to iOS 9 may brick your device, that is render it totally useless, if the new system detects that an unauthorized repair has been performed. The official reason is that Apple wants to protect the user’s data against attacks involving tampering with the device. The new functionality does however smell to high heaven. Apple has already a bad reputation for keeping its ecosystem closed and tightly managed, and this incident just feeds that reputation. It doesn’t take a genius to figure out that a move like this also benefits authorized Apple service companies over unauthorized. Bashing Windows 10 is also popular right now. I’m not going into all the security and privacy issues here. But I think the way Microsoft is pushing out Windows 10 to users of previous versions is disturbing. Yes, the automatically distributed upgrade is convenient, if you want to upgrade. And as said, upgrading is usually good from security point of view. But people may have tons of valid reasons to postpone the upgrade, and this is where things get nasty. Several gigabytes are downloaded anyway and use up disk space in vain. Language in the upgrade dialog suggests you have to upgrade. And it starts all over even if you decline, clean up and disable the updates. Even worse, now the upgrade may even start automatically without your consent! People are raging over these incidents because they cause major inconvenience and interferes with your ability to use a product you have purchased. But another at least equally severe side effect is that every case like this undermines peoples’ trust in update services. I bet people with a bricked iPhone will be hesitant to install new versions of iOS in the future. And my opinion about Microsoft’s update service has definitively changed while defending a touch-screen computer with Windows 8.1 from the upgrade. Yes, I have tried Windows 10 on it. No, it didn’t work properly so I had to roll back to 8.1. So to conclude. Rapid updates are more important than ever. Therefore it is very sad to see companies misuse the update channels to roll out features and versions that are designed mainly to boost their own business. The outcome may be that people to a larger extent decline updates or try to block update systems that can’t be disabled. Permanent damage has been caused in that case.   Micke   PS. There’s some good news for people who want to stay on their previous Windows versions. There is a registry setting that can be used to prevent the upgrade. See MS Knowledge Base Article 3080351 for more details.     Image by Nick Hubbard

February 11, 2016
BY 
Safer Internet Day

What are your kids doing for Safer Internet Day?

Today is Safer Internet Day – a day to talk about what kind of place the Internet is becoming for kids, and what people can do to make it a safe place for kids and teens to enjoy. We talk a lot about various online threats on this blog. After all, we’re a cyber security company, and it’s our job to secure devices and networks to keep people protected from more than just malware. But protecting kids and protecting adults are different ballparks. Kids have different needs, and as F-Secure Researcher Mikael Albrecht has pointed out, this isn’t always recognized by software developers or device manufacturers. So how does this actually impact kids? Well, it means parents can’t count on the devices and services kids use to be completely age appropriate. Or completely safe. Social media is a perfect example. Micke has written in the past that social media is basically designed for adults, making any sort of child protection features more of an afterthought than a focus. Things like age restrictions are easy for kids to work around. So it’s not difficult for kids to hop on Facebook or Twitter and start social networking, just like their parents or older siblings. But these services aren't designed for kids to connect with adults. So where does that leave parents? Parental controls are great tools that parents can use to monitor, and to a certain extent, limit what kids can do online. But they’re not perfect. Particularly considering the popularity of mobile devices amongst kids. Regulating content on desktop browsers and mobile apps are two different things, and while there are a lot of benefits to using mobile apps instead of web browsers, it does make using special software to regulate content much more difficult. The answer to challenges like these is the less technical approach – talking to kids. There’s some great tips for parents on F-Secure’s Digital Parenting web page, with talking points, guidelines, and potential risks that parents should learn more about. That might seem like a bit of a challenge to parents. F-Secure’s Chief Research Officer Mikko Hypponen has pointed out that today’s kids have never experienced a world without the Internet. It’s as common as electricity for them. But the nice thing about this approach is that parents can do this just by spending time with kids and learning about the things they like to do online. So if you don’t know what your kids are up to this Safer Internet Day, why not enjoy the day with your kids (or niece/nephew, or even a kid you might be babysitting) by talking over what they like to do online, and how they can enjoy doing it safely.

February 9, 2016
BY 
Virdem malware, old viruses, Malware Museum

Step back in time to when hackers were just having fun

What's so fun about old malware? In just four days more than a hundred thousand people have visited The Malware Museum -- an online repository of classic malware, mostly viruses, that infected home computers in the 1980s and 90s. Working with archivist Jason Scott, Mikko Hyppönen -- our Chief Research Officer -- put together 78 examples finest/worst examples of old-school malware that includes emulations of the infections with the destructive elements removed so you can enjoy them safely. "I only chose interesting viruses," Mikko told BBC News. The result is "nerdy nostalgia," says PC Magazine's Stephanie Mlot. The exhibits feature clunky ASCII graphics, pot references and obscure allusions to Lord of the Rings. While an early ancestor of ransomware like Casino was willing to ruin your files and call you an "a**hole," it wasn't trying to extort any cash out of you. That's because the creators of these early forms of digital vandalism were amateurs in the truest sense of the world. They did it for the love of mayhem. We long for the days of "happy hackers," as Mikko calls them, because the malware landscape today is so ominous. "Most of the malware we analyze today is coming from organized criminal groups... and intelligence agencies," Mikko explained. To keep the memories of the good old days alive, we're going to make t-shirts celebrating some classic malware. And we'd like you to choose which viruses we should commemorate. CRASH V SIGN FLAME CASINO PHANTOM (Image via @danooct1) [polldaddy poll=9302985] If you appreciate the Museum, Mikko asks that you contribute to the Internet Archive. You can learn more about Malware from Mikko's Malware Hall of Fame. Cheers, Sandra

February 8, 2016