Canon Issues Security Warning For Certain Cameras | No Film School

Canon has put out a firmware update and a security advisory for all EOS DSLRs, Mirrorless Cameras, and PowerShot cameras that use WiFi and the Picture Transfer Protocol to transmit photos and videos wirelessly to a computer or mobile device.

Even though there has been no indication that a hacker has taken advantage of the vulnerability, the potential exists to intercept user data through an unsecured network. It's also possible that ransomware can be installed into the camera, locking up your image data, and demanding bitcoin to un-encrypt it.

In this case, research on Canon cameras will have the highest impact for users, and will be the easiest to start, thanks to the existing documentation created by the ML community.

CheckPoint Software Technologies was able to discover the exploit by researching work done by Magic Lantern and then using that research to find key vulnerabilities in the PTP protocol and take advantage of it. Check out the video below by CheckPoint Software Technologies:

During our research, we found multiple critical vulnerabilities in the Picture Transfer Protocol as implemented by Canon. Although the tested implementation contains many proprietary commands, the protocol is standardized, and is embedded in other cameras.

The exploit exists on the following DSLRs and Mirrorless cameras:

EOS-1DX*1 *2
EOS 6D Mark II
EOS 760D
EOS M5
EOS-1DX MK II*1 *2
EOS 7D Mark II*1
EOS 77DEOS M6
EOS-1DC*1 *2
EOS 70D
EOS 1300D
EOS M10
EOS 5D Mark IV
EOS 80D
EOS 2000D
EOS M100
EOS 5D Mark III*1
EOS 750D
EOS 4000D
EOS M50
EOS 5DS*1
EOS 800D
EOS R
EOS 5DS R*1
EOS 200D
EOS RP
EOS 6D
EOS 250D
EOS M3

In addition, the PowerShot G5X Mark I, PowerShot SX70 HS and PowerShot SX740 HS models are also affected.

At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm, but in order to ensure that our customers can use our products securely, we would like to inform you of the following workarounds for this issue.

Canon is working on a firmware update for all models, but so far only the EOS 80D has gotten an update through version 1.0.3. It's available here. But for the rest, Canon advises the following workarounds until firmware updates are put out:

Ensure the suitability of security-related settings of the devices connected to the camera, such as the PC, mobile device, and router being used.
Do not connect the camera to a PC or mobile device that is being used in an unsecured network, such as in a free Wi-Fi environment.
Do not connect the camera to a PC or mobile device that is potentially exposed to virus infections.
Disable the camera’s network functions when they are not being used.
Download the official firmware from Canon’s website when performing a camera firmware update.

CheckPoint also notes that any camera using the Picture Transfer Protocol would be vulnerable, not just Canon brands. Meanwhile, more details on How CheckPoint Software Technologies discovered the exploit can be found here.

Source: Canon

Writing the Unfilmable & Managing Your Career When SH*T Hits the Fan

Writing the Unfilmable & Managing Your Career When SH*T Hits the Fan

When the going gets tough, the tough keep filmmaking.

Writing a screenplay is like following a cookie recipe, it’s closer to magic than science. You don’t have to follow screenwriting “rules” to create an amazing story. There’s something else you don’t have to do in your career. When serious problems arise in your personal life, you don’t have to keep working at your typical pace. It’s okay to ask for help and decrease your output.

Keep ReadingShow less

Popular

Concept in Screenwriting

Stop Bailing On Your Concept Halfway Though Your Screenplay

Latest