
More About Canon DSLR WiFi Issue (Security & Privacy)


A few weeks ago we reported on an issue that affects all WiFi-enabled Canon cameras. The WiFi issue could allow someone to steal photos from your camera, or let hackers upload images to the camera. But most frightening: someone could take control of your camera and use it as a spy camera (through Live View mode).

German security researcher Daniel Mende discussed the issue again at the Hack in the Box security conference in Amsterdam, again using the Canon EOS-1D X (price & specs) to exemplify the problem. According to Mende the WiFi implementation Canon featured on the EOS-1D X was not designed with security in mind:

If a photographer uses an insecure network like a hotel Wi-Fi network or a Starbucks network, then almost anybody with a little bit of knowledge is able to download images from the camera.

Attackers could access the camera in various ways. For instance, when using the FTP upload mode everything is sent over the network in clear text (credentials included). Sniffing the data is easy, and pictures that are uploaded can be extracted from the network traffic. Moreover, the camera has a DLNA (Digital Living Network Alliance) mode for sharing pictures and videos between devices without requiring authentication:

In this mode, the camera fires up like a network server […] In this mode, it is also not hard to get your fingers on the footage, you just have to browse to the camera and download all images you like.

The camera also has a built-in web server that does require authentication, but the method uses a 4-byte session ID cookie that can easily be overcome with a brute-force attack (using a six-line Python script):

Checking all IDs takes about 20 minutes because the web server is not that responsive […] You could for instance make yourself the author of a photo. That would come in handy when you try to sell them
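The server-side counterpart to the weakness described above, as an added example (not Canon's code and not Mende's script): session IDs drawn from a CSPRNG at 128 bits instead of 4 bytes, plus throttling of clients that present invalid IDs. The class name, constants and throttling policy are assumptions made for illustration.

```python
import secrets
import time

TOKEN_BYTES = 16        # 128-bit IDs; the article reports a 4-byte ID on the camera
MAX_FAILURES = 5        # assumed policy: invalid IDs tolerated per client per window
WINDOW_SECONDS = 60.0   # assumed policy: length of the throttling window


class SessionStore:
    """Issues unguessable session IDs and throttles clients that guess them."""

    def __init__(self, clock=time.monotonic):
        self._sessions = {}   # session ID -> user name
        self._failures = {}   # client address -> times of recent invalid IDs
        self._clock = clock   # injectable so the window can be tested

    def create(self, user):
        # secrets draws from the OS CSPRNG; 16 bytes gives 32 hex characters
        sid = secrets.token_hex(TOKEN_BYTES)
        self._sessions[sid] = user
        return sid

    def _recent_failures(self, client):
        # Keep only failures that are still inside the sliding window
        cutoff = self._clock() - WINDOW_SECONDS
        recent = [t for t in self._failures.get(client, []) if t > cutoff]
        self._failures[client] = recent
        return recent

    def lookup(self, client, presented):
        """Return the user for a valid ID, None for an invalid one.

        Raises PermissionError once a client has exceeded MAX_FAILURES
        inside the window, even if the ID it presents now is valid.
        """
        recent = self._recent_failures(client)
        if len(recent) >= MAX_FAILURES:
            raise PermissionError("too many invalid session IDs from " + client)
        user = self._sessions.get(presented)
        if user is None:
            recent.append(self._clock())   # count the miss against this client
        return user
```

A real deployment would also expire sessions and log throttled clients, since a burst of invalid session IDs from one address is itself a detection signal.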

One could also gain access to the EOS Utility mode and thus remotely control the camera through the Canon EOS Utility software. Since that software provides Live View functionality, it is easy to see what that means. Mende says that Canon was not yet willing to listen to him:

The camera is designed to work exactly like this. From Canon’s point of view, there is probably no bug

Daniel Mende’s full presentation, with all the technical details, can be seen here.


[via PCWorld]

  • 43242

    and who will go through the length and for what?

  • Manta

    so you can download the pictures directly from the camera and don't have to wait until they appear on Facebook.. big deal for a hacker. ;)

    will affect 0,0000005% of the customers.

    really my car keys are not 100% secure either.
    everyone can steal my car in 5 minutes.

    hoho.. inform the press!!

  • Dorkus Maximus

    Ugh, people watch too many spy films and CSI. “Computer, turn on camera. Enhance quadrant 34F. Enhance…enhance. Sharpen. Print.”

    • Mike

      LOL dorkus. That sounds more like Bladerunner though.
