Canon USA has advised that a long list of WiFi-enabled Canon cameras are subject to a range of security vulnerabilities.
Cameras listed are: Canon EOS 1D X, 1D X II, 1D C, 5D III, 5D IV, 5DS, 5DS R, 6D, 6D II, 7D II, 70D, 80D, M10, M100, M3, M5, M50, M6, R, RP, 200D, 250D, 1300D, 1500D, 750D, 760D, 800D, PowerShot G5X II, SX70 HS and SX740 HS.
‘An international team of security researchers has drawn our attention to a vulnerability related to communications via the Picture Transfer Protocol (PTP), which is used by Canon digital cameras, as well as a vulnerability related to firmware updates,’ Canon USA noted on August 5.
‘Due to these vulnerabilities, the potential exists for third-party attack on the camera if the camera is connected to a PC or mobile device that has been hijacked through an unsecured network.’
The Japan Vulnerability Notes database lists six separate vulnerabilities applicable to all the listed cameras. It states the impacts are:
– A specially crafted PTP command may cause a buffer overflow, which may result in the affected digital camera being unresponsive or arbitrary code being executed by a remote attacker;
– Specially crafted firmware by a remote attacker or unofficial firmware update may be applied without the user’s consent.
It rates the likelihood of exploitation of these vulnerabilities as High.
Canon stated that there have been no confirmed cases of the vulnerabilities being exploited ‘to cause harm’. It has issued a set of instructions:
– Ensure the suitability of security-related settings of the devices connected to the camera, such as the PC, mobile device, and router being used;
– Do not connect the camera to a PC or mobile device that is being used in an unsecure network, such as in a free Wi-Fi environment;
– Do not connect the camera to a PC or mobile device that is potentially exposed to virus infections;
– Disable the camera’s network functions when they are not being used.
Canon indicates it is developing firmware patches to fix the problem, but so far only firmware for the EOS 80D is available: http://bit.ly/Canonadvice
Here’s another report describing the problem, which was apparently discovered way back in March: https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/
Inside Imaging was not able to locate any information regarding the software vulnerabilities on the Canon Australia website at the time of publication.