Industry News: Fujifilm Suffers Cyber-attack, Shuts Down Servers


Hackers hit Canon last year; now it’s Fujifilm that has been hacked. Again, it’s a ransomware attack.

Fuji Rumors reports that Fujifilm disclosed a ransomware attack on its network and unauthorized access to its servers. Apparently the servers have been infected by the Qbot trojan malware.

Fujifilm’s statement:

Notification of communication failure to customers

2021 12:00 Update June 2, 2021 20:00

FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence.

We want to state what we understand as of now and the measures that the company has taken. In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities.

We are currently working to determine the extent and the scale of the issue. We sincerely apologize to our customers and business partners for the inconvenience this has caused.

Hacking Post: You Can Run A Minecraft Server On A Canon Rebel SL2


From the series of “totally pointless but absolutely cool” hacks, today we feature a new one, and surely one of the weirdest: a Minecraft server running on a camera.

A hacker going by the handle Turtius installed and successfully ran a Minecraft server on a Canon Rebel SL2 (EOS 200D in Europe). If you know how Minecraft works, then you likely know that the server (i.e. the SL2 in our example) is only running the “world” that is then displayed on the user’s computer. The game itself runs on the user’s computer. However, at least theoretically, other users could connect to the world managed on the server (the SL2).

The short video below shows three points of view: i) a smartphone recording the back of the camera and the monitor, ii) what the Rebel SL2 is seeing, and iii) a screen recording from the computer that is connected to the Canon Rebel SL2. Clearly the SL2 reaches its limits.

Turtius explains here how he did the hack, using avrcraft, a Minecraft server that’s optimized for 8-bit devices. Says Turtius:

“[avrcraft] is fully running on the camera. I reverse-engineered the network module used by Canon which just so happens to expose Unix-like sockets and integrated avrcraft with Magic Lantern. It’s running a custom implementation provided by Canon’s operating system and using custom code to interact with the stuff provided by Canon on a lower level.”

Cool hack, eh?

Turtius used a modified version of the free Magic Lantern firmware add-on, and wrote code specifically for the Rebel SL2. You can find the full source code on GitHub, but be warned: do it only if you know what you are doing, otherwise you risk bricking your camera.

[via PetaPixel]

Canon Officially Confirms Ransomware Attack, Says Employee Data Was Stolen

Some months ago Canon USA was the victim of a ransomware attack. We reported on this incident.

Canon has finally released an official statement about the attack. It turns out that information concerning past and current employees was stolen by the hackers, including employees’ names, Social Security numbers, dates of birth, driver’s license numbers, government-issued IDs, bank account numbers, and electronic signatures.

Canon statement about the ransomware attack:

Notice of Data Security Incident

Canon understands the importance of protecting information. We are informing current and former employees who were employed by Canon U.S.A., Inc. and certain subsidiaries, predecessors, and affiliates[1] from 2005 to 2020 and those employees’ beneficiaries and dependents of an incident that involved some of their information. This notice explains the incident, measures we have taken, and steps you can take in response.

We identified a security incident involving ransomware on August 4, 2020. We immediately began to investigate, a cybersecurity firm was engaged, and measures were taken to address the incident and restore operations.  We notified law enforcement and worked to support the investigation.  We also implemented additional security measures to further enhance the security of our network.

We determined that there was unauthorized activity on our network between July 20, 2020 and August 6, 2020.  During that time, there was unauthorized access to files on our file servers. We completed a careful review of the file servers on November 2, 2020 and determined that there were files that contained information about current and former employees from 2005 to 2020 and their beneficiaries and dependents. The information in the files included the individuals’ names and one or more of the following data elements: Social Security number, driver’s license number or government-issued identification number, financial account number provided to Canon for direct deposit, electronic signature, and date of birth. 

We wanted to notify our current and former employees and their beneficiaries and dependents of this incident and to assure them that we take it seriously. As a precaution, we have arranged for them to receive a complimentary membership to Experian’s® IdentityWorks℠ credit monitoring service. This product helps detect possible misuse of an individual’s information and provides the individual with identity protection services. IdentityWorks℠ is completely free to the individual, and enrolling in this program will not hurt the individual’s credit score. If you are a current or former employee, or the beneficiary or dependent of a current or former employee, and would like more information on IdentityWorks℠, including instructions on how to activate your complimentary membership, please call our dedicated call center for this incident at 1-833-960-3574. For information on additional steps you can take in response, please see the additional information provided below.

We regret that this occurred and apologize for any inconvenience.  If you have additional questions, please call 1-833-960-3574, Monday through Friday, between 9:00 a.m. and 6:30 p.m., Eastern Time.

[1] This notice is being provided by or on behalf of Canon U.S.A., Inc. and the following subsidiaries, predecessors, and affiliates: Canon BioMedical, Inc., Canon Business Solutions-Central, Inc., Canon Business Solutions-Mountain West, Inc., Canon Business Solutions-NewCal, Inc., Canon Business Solutions-Tereck, Inc., Canon Business Solutions-West, Inc., Canon Development Americas, Inc., Canon Financial Services, Inc., Canon Information and Imaging Solutions, Inc., Canon Information Technology Systems, Inc., Canon Latin America, Inc., Canon Medical Components U.S.A., Inc., Canon Software America, Inc., Canon Solutions America, Inc., Canon Technology Solutions, Inc., Canon U.S. Life Sciences, Inc., NT-ware USA, Inc., Océ Imaging Supplies, Inc., Océ Imagistics Inc., Océ North America, Inc., Océ Reprographic Technologies Corporation, and Virtual Imaging, Inc.

ADDITIONAL STEPS YOU CAN TAKE

We remind you it is always advisable to be vigilant for incidents of fraud or identity theft by reviewing your account statements and free credit reports for any unauthorized activity. You may obtain a copy of your credit report, free of charge, once every 12 months from each of the three nationwide credit reporting companies. To order your annual free credit report, please visit www.annualcreditreport.com or call toll free at 1-877-322-8228. Contact information for the three nationwide credit reporting companies is as follows:

If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your state. You can obtain information from these sources about steps an individual can take to avoid identity theft as well as information about fraud alerts and security freezes. You should also contact your local law enforcement authorities and file a police report. Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records. Contact information for the Federal Trade Commission is as follows: 

  • Federal Trade Commission, Consumer Response Center, 600 Pennsylvania Avenue NW, Washington, DC 20580, 1-877-IDTHEFT (438-4338), www.ftc.gov/idtheft 

Friday Hacker Blogging: The History Of Unix and Linux

Front Page Linux posted an interesting and well-written article about the history of Unix and Linux. Definitely worth your attention if you are into computer science.

For this special history guide, we are going to take a trip back in time to see where the seed of Linux was planted — namely via the Unix systems of the early 1970s and how it has progressed through the modern day. Though most are completely unaware of the enormous impact that Unix-like operating systems have planted on our society, understanding its storied history can allow us to realize why the Unix model has lived on far longer and become more successful than any other operating system architecture (and philosophy) in existence.

In fact, the estimated 5 billion people in the world (more than half the population) to own a mobile phone have been using Unix-based operating systems, knowingly or not, since the “smart” phone hit the consumer shelves in the late 2000s. From the Linux-based Android platform to the BSD-flavored iOS, Unix has stolen the massive mobile market along with the majority of other systems in existence. In fact, if you look at the operating system on just about any device besides the desktop PC, it is more likely than not that it runs some form or derivative of Unix.

So, how did an operating system written to port a game from one machine to another gain so much prominence in our world today when it was first conceived and implemented over sixty years ago? Well, our journey begins at AT&T’s famous Bell Laboratory with two unlikely heroes that helped kick off the modern technological age. Strap in and grab some popcorn, this is going to be a wild ride!

Read about the history of Unix at Front Page Linux. You can also use this post to discuss whatever (photographic) topic you wish.

Friday Hacker Blogging: Get Doom Running On a Canon PIXMA Printer

Back in 2014, a security researcher found a vulnerability in Canon PIXMA printers. They demonstrated the vulnerability by installing the 1990s game Doom on the printer.

Canon’s wireless PIXMA printers can be accessed through a web page, for instance to see printer information like ink levels or to update the firmware.

Says the hacker at Context (emphasis added):

This interface does not require user authentication allowing anyone to connect to the interface. At first glance the functionality seems to be relatively benign, you could print out hundreds of test pages and use up all the ink and paper, so what? The issue is with the firmware update process. While you can trigger a firmware update you can also change the web proxy settings and the DNS server. If you can change these then you can redirect where the printer goes to check for a new firmware. So what protection does Canon use to prevent a malicious person from providing a malicious firmware? In a nutshell – nothing, there is no signing (the correct way to do it) but it does have very weak encryption. I will go into the nuts and bolts of how I broke that later in this blog post. So we can therefore create our own custom firmware and update anyone’s printer with a Trojan image which spies on the documents being printed or is used as a gateway into their network. For demonstration purposes I decided to get Doom running on the printer (Doom as in the classic 90s computer game).

And Doom it was:

Canon acknowledged the issue and provided the following statement regarding this issue:

“We thank Context for bringing this issue to our attention; we take any potential security vulnerability very seriously.  At Canon we work hard at securing all of our products, however with diverse and ever-changing security threats we welcome input from others to ensure our customers are as well protected as possible.

We intend to provide a fix as quickly as is feasible.  All PIXMA products launching from now onwards will have a username/password added to the PIXMA web interface, and models launched from the second half of 2013 onwards will also receive this update, models launched prior to this time are unaffected. This action will resolve the issue uncovered by Context.”  

It is a good practice to never connect a printer to the Internet.
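The quoted distinction between "very weak encryption" and signing is that a key shared by every device cannot show who built an image. The Go sketch below is an added example, not Canon's or Context's code: the XOR scheme, key bytes, function names and sample images are constructed stand-ins, and Ed25519 is one signature scheme chosen here, not one the page names.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

var obfKey = []byte{0x5a, 0xc3, 0x17, 0x88} // constructed stand-in for a key shared by every device

// xorCrypt obfuscates or de-obfuscates (same operation) with the shared key.
func xorCrypt(data []byte) []byte {
	out := make([]byte, len(data))
	for i, b := range data {
		out[i] = b ^ obfKey[i%len(obfKey)]
	}
	return out
}

// AcceptEncryptedOnly models an updater that only decrypts; origin is never checked.
func AcceptEncryptedOnly(image []byte) []byte {
	return xorCrypt(image)
}

// AcceptSigned checks a detached Ed25519 signature before using the image.
func AcceptSigned(vendorPub ed25519.PublicKey, image, sig []byte) ([]byte, error) {
	if len(vendorPub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return nil, errors.New("malformed key or signature")
	}
	if !ed25519.Verify(vendorPub, image, sig) {
		return nil, errors.New("signature check failed: image rejected")
	}
	return image, nil
}

// Demo runs both updaters on constructed images and reports what each accepts.
func Demo() (weakTakesSwap, signedTakesSwap, signedTakesGenuine bool) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	genuine, swapped := []byte("constructed vendor image"), []byte("constructed other image")
	sig := ed25519.Sign(priv, genuine)
	_, errSwap := AcceptSigned(pub, swapped, sig)
	_, errGenuine := AcceptSigned(pub, genuine, sig)
	weakOut := AcceptEncryptedOnly(xorCrypt(swapped))
	return string(weakOut) == string(swapped), errSwap == nil, errGenuine == nil
}
func main() { fmt.Println(Demo()) }
```

Only the vendor holds the private key, so the device can store the public key openly; extracting it from a printer gives no ability to produce an image that `AcceptSigned` will take.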

If you want to dive deeper into the hack and learn how Canon’s encryption was broken, read the article at Context. This post can be used to discuss whatever topic you want.

Friday Hacker Blogging: digiKam 7.1 Released, Fully Supports Canon CR3 Format


The open source and free software digiKam 7.1 has been released. Full support for the Canon CR3 format has been added.

Release notes for digiKam 7.1 are here.

When you buy an expensive camera, such as the latest Canon devices, you should expect the image provided to be seriously pre-processed by the camera firmware and ready to use immediately. This is true for JPEG, but not RAW files, where the format changes for every new camera released, as it depends on the camera’s sensor data. This is also the case for the Canon CR3: the RAW format produced by this camera has required intensive reverse-engineering that the digiKam team cannot always support well. This is why we use the powerful Libraw library to post-process the RAW files on the computer. This library includes complex algorithms to support all kinds of different RAW file formats, including the Canon CR3.

You can download digiKam 7.1 for 64-bit or 32-bit systems from their website.

As usual, you can use this post to discuss whatever you want.