Canon Firmware Security Updates Released For 11 Cameras


As announced earlier, here is another batch of Canon firmware updates addressing a security flaw in Canon’s Picture Transfer Protocol, the WiFi transfer protocol used on Canon cameras. More information about the security issue can be found here.

Below are all firmware updates released so far to fix the security flaw. All links point to the latest firmware.

| Model | Estimated firmware availability |
|---|---|
| EOS-1D X *1 *2 | Version 1.2.1 is available for download |
| EOS-1D X Mark II *1 *2 | Version 1.1.7 is available for download |
| EOS-1D C *1 *2 | Version 1.4.2 is available for download |
| EOS 5D Mark III *1 | Version 1.3.6 is available for download |
| EOS 5D Mark IV | Version 1.2.1 is available for download |
| EOS 5DS *1 | Version 1.1.3 is available for download |
| EOS 5DS R *1 | Version 1.1.3 is available for download |
| EOS 6D | Version 1.1.9 is available for download |
| EOS 6D Mark II | Version 1.0.5 is available for download |
| EOS 7D Mark II *1 | Version 1.1.3 is available for download |
| EOS 70D | Version 1.1.3 is available for download |
| EOS 80D | Version 1.0.3 is available for download |
| EOS M10 | Tbd |
| EOS M100 | Tbd |
| EOS M3 | Tbd |
| EOS M5 | Tbd |
| EOS M50 | Version 1.0.3 is available for download |
| EOS M6 | Tbd |
| EOS M6 Mark II | Version 1.0.1 is available for download |
| EOS R | Version 1.4.0 is available for download |
| EOS RP | Version 1.4.0 is available for download |
| EOS Rebel SL2 | Tbd |
| EOS Rebel SL3 | Version 1.0.2 is available for download |
| EOS Rebel T6 | Tbd |
| EOS Rebel T6i | Tbd |
| EOS Rebel T6s | Version 1.0.1 is available for download |
| EOS Rebel T7 | Tbd |
| EOS Rebel T7i | Tbd |
| PowerShot G5X Mark II | Tbd |
| PowerShot SX70 HS | Version 1.1.1 is available for download |
| PowerShot SX740 HS | Version 1.0.2 is available for download |

*1 These models require a WiFi adapter or a Wireless File Transmitter to support WiFi connectivity.
*2 Ethernet connections can also permit these vulnerabilities.

Canon product advisory:

Thank you very much for using Canon products.

An international team of security researchers has drawn our attention to a vulnerability related to communications via the Picture Transfer Protocol (PTP), which is used by Canon digital cameras, as well as a vulnerability related to firmware updates.
(CVE-ID: CVE-2019-5994, CVE-2019-5995, CVE-2019-5998, CVE-2019-5999, CVE-2019-6000, CVE-2019-6001)

Due to these vulnerabilities, the potential exists for third-party attack on the camera if the camera is connected to a PC or mobile device that has been hijacked through an unsecured network.

At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm, but in order to ensure that our customers can use our products securely, we would like to inform you of the following workarounds for this issue.

* Ensure the suitability of security-related settings of the devices connected to the camera, such as the PC, mobile device, and router being used.

* Do not connect the camera to a PC or mobile device that is being used in an unsecure network, such as in a free Wi-Fi environment.

* Do not connect the camera to a PC or mobile device that is potentially exposed to virus infections.

* Disable the camera’s network functions when they are not being used.

* Download the official firmware from Canon’s website when performing a camera firmware update.

Models Affected

These vulnerabilities affect the EOS-series digital SLR and mirrorless cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5X Mark II.

Firmware Update

There is an increased use of PCs and mobile devices in an unsecure (free Wi-Fi) network environment where customers are not aware of the network security. As it has become prevalent to transfer images from a camera to a mobile device via Wi-Fi connection, we will implement firmware updates for the following models that are equipped with the Wi-Fi function.

First Batch Of Security Related Firmware Updates For Canon Cameras Released


Back in August we reported on a security flaw found in Canon’s firmware concerning the Picture Transfer Protocol (see here and here). Canon announced it would release firmware updates to fix the issue. Here is the first batch:

More updates to follow.

More About The Security Flaw In Canon’s WiFi Transfer Protocol


Canon yesterday issued a security advisory concerning a security flaw in their Picture Transfer Protocol, the WiFi transfer protocol used on Canon cameras.

The security flaw was demonstrated by Israeli security company Check Point Research during DEF CON 2019. The security researchers were able to hijack a Canon EOS 80D both over USB and wirelessly over WiFi.

The discovered vulnerabilities would allow a malicious actor to take over a target’s DSLR camera through both WiFi and USB, giving them full control over it. Such an infection could, for example, be used to install ransomware on the camera and demand ransom for both the images and the camera itself. Not a nice scenario for professionals.

As LensVid sums it up:

An attacker who would want to use a similar approach to perform a real-world ransomware attack on an EOS 80D will need to set up a rogue WiFi Access Point and initiate the exploit (something that can certainly be done by many sufficiently experienced attackers, although it will require the camera’s WiFi to be turned on).

The video below shows how Check Point Research exploited the Canon EOS 80D using the cited security flaw. By building on existing knowledge of Magic Lantern, they were able to build ransomware.

All the steps involved in exploiting the security flaw in Canon’s WiFi transfer protocol are documented in this technical article.

Check Point Research promptly informed Canon. While waiting for the firmware updates, Canon recommends the following:

  • Ensure the suitability of security-related settings of the devices connected to the camera, such as the PC, mobile device, and router being used.
  • Do not connect the camera to a PC or mobile device that is being used in an unsecure network, such as in a free Wi-Fi environment.
  • Do not connect the camera to a PC or mobile device that is potentially exposed to virus infections.
  • Disable the camera’s network functions when they are not being used.
  • Download the official firmware from Canon’s website when performing a camera firmware update.

Canon already issued a firmware update for the Canon EOS 80D, and more updates will follow.

Unfortunately, that’s not the end of the story. The researchers found multiple critical vulnerabilities in Canon’s Picture Transfer Protocol, and it’s likely these vulnerabilities are present in other manufacturers’ PTP implementations as well.

Stay tuned.

[via LensVid]

Canon Detected Security Flaw In WiFi Protocol, Lots Of Firmware Updates To Come


It seems a lot of firmware updates are coming to Canon DSLRs, MILCs, and PowerShots. Good to know that Canon takes these issues seriously.

Canon product advisory:

Regarding the security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions.

Thank you very much for using Canon products.

An international team of security researchers has drawn our attention to a vulnerability related to communications via the Picture Transfer Protocol (PTP), which is used by Canon digital cameras, as well as a vulnerability related to firmware updates.
(CVE-ID: CVE-2019-5994, CVE-2019-5995, CVE-2019-5998, CVE-2019-5999, CVE-2019-6000, CVE-2019-6001)

Due to these vulnerabilities, the potential exists for third-party attack on the camera if the camera is connected to a PC or mobile device that has been hijacked through an unsecured network.

At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm, but in order to ensure that our customers can use our products securely, we would like to inform you of the following workarounds for this issue.

  • Ensure the suitability of security-related settings of the devices connected to the camera, such as the PC, mobile device, and router being used.
  • Do not connect the camera to a PC or mobile device that is being used in an unsecure network, such as in a free Wi-Fi environment.
  • Do not connect the camera to a PC or mobile device that is potentially exposed to virus infections.
  • Disable the camera’s network functions when they are not being used.
  • Download the official firmware from Canon’s website when performing a camera firmware update.

Models Affected

These vulnerabilities affect the EOS-series digital SLR and mirrorless cameras, PowerShot SX740 HS, PowerShot SX70 HS, and PowerShot G5X Mark II.


Firmware Update

There is an increased use of PCs and mobile devices in an unsecure (free Wi-Fi) network environment where customers are not aware of the network security. As it has become prevalent to transfer images from a camera to a mobile device via Wi-Fi connection, we will implement firmware updates for the following models that are equipped with the Wi-Fi function.

| Model | Estimated firmware availability |
|---|---|
| EOS-1D X *1 *2 | Tbd |
| EOS-1D X Mark II *1 *2 | Tbd |
| EOS-1D C *1 *2 | Tbd |
| EOS 5D Mark III *1 | Tbd |
| EOS 5D Mark IV | Tbd |
| EOS 5DS *1 | Tbd |
| EOS 5DS R *1 | Tbd |
| EOS 6D | Tbd |
| EOS 6D Mark II | Tbd |
| EOS 7D Mark II *1 | Tbd |
| EOS 70D | Tbd |
| EOS 80D | Version 1.0.3 is available for download |
| EOS M10 | Tbd |
| EOS M100 | Tbd |
| EOS M3 | Tbd |
| EOS M5 | Tbd |
| EOS M50 | Tbd |
| EOS M6 | Tbd |
| EOS R | Tbd |
| EOS RP | Tbd |
| EOS Rebel SL2 | Tbd |
| EOS Rebel SL3 | Tbd |
| EOS Rebel T6 | Tbd |
| EOS Rebel T6i | Tbd |
| EOS Rebel T6s | Tbd |
| EOS Rebel T7 | Tbd |
| EOS Rebel T7i | Tbd |
| PowerShot G5X Mark II | Tbd |
| PowerShot SX70 HS | Tbd |
| PowerShot SX740 HS | Tbd |

Canon security cameras deliver real-time analysis of emotions, report

Security Cameras

Canon is investing in artificial intelligence systems. Here is another application.

Nikkei Asian Review reports:

TOKYO — A Canon unit is launching a new security camera system that performs double duty, providing surveillance while also enhancing customer service.

Canon Marketing Japan’s system analyzes facial expressions in real time — a feature envisioned as a marketing tool allowing retailers and entertainment venues to interpret customers’ reactions moment by moment.

The technology detects three emotions — joy, sadness and anger — as well as age and gender. Software analyzes footage sent to the cloud, automatically tracking and charting the level of a particular emotion as a percentage.

A theater, for instance, could monitor an audience to see when and how often they laughed. Canon MJ expects plenty of business from relatively small retailers, such as supermarkets, along with amusement parks and other clients that want detailed insight into customer satisfaction.

The technology is being launched under the company’s cloud-based image management service, VisualStage, with emotion analysis software developed by Tokyo-based security imaging company Aroba.

Read the article at Nikkei Asian Review.