Hackers Turn Canon camera Into a Remote Spy Tool


Date: Tuesday April 16, 2013 08:20:01 am

  • Anonymous

    Hackers Turn Canon camera Into a Remote Spy Tool

    By TJD, GMA News
    With a little ingenuity, a group of hackers has turned a high-end Canon EOS-1D X camera into a remote surveillance tool that can remotely upload, download, or erase images.
     
    One of the researchers disclosed this at the Hack in the Box security conference in Amsterdam on Wednesday, tech site PC World reported.
     
    “If a photographer uses an insecure network like a hotel Wi-Fi network or a Starbucks network, then almost anybody with a little bit of knowledge is able to download images from the camera,” said German security researcher Daniel Mende of ERNW.
     
    “You could for instance make yourself the author of a photo. That would come in handy when you try to sell them,” Mende added.
     
    Also, he said hacking the camera not only allows an attacker to download all the pictures it takes, but also to get a live stream of sorts from it.
     
    “We’ve successfully made the camera into a surveillance device,” he said.
     
    PC World noted the Canon camera has an Ethernet port and a WLAN adapter that supports wireless connection, letting photojournalists quickly upload photos.
     
    But Mende said the connectivity function also has a dark side: weak security.
     
    He said attackers can gain access to the camera's data in many ways, including obtaining credentials and even entire photos when the camera sends data via FTP upload.
     
    Also, Mende said the camera’s Digital Living Network Alliance (DLNA) mode allows sharing of media between devices – with no authentication required.
     
    Mende also noted that with Universal Plug and Play networking protocols, the camera’s contents can be accessed via HTTP and XML in DLNA mode.
     
    “In this mode, the camera fires up like a network server,” Mende said.
     
    On the other hand, the camera has a built-in web server, the WFT server, which has authentication, but it can easily be overcome via brute force with six lines of Python script.
     
    Alternate hack
     
    Alternately, attackers can get remote access to the camera’s EOS Utility Mode, which Mende described as the closest thing to getting root access.
     
    This mode allows users to wirelessly control the camera and even has Live View functionality, movie mode, and the ability to wirelessly transfer images.
     
    All an attacker has to do is listen for the camera’s GUID (Globally Unique Identifier).
     
    Fixing vulnerabilities
     
    Mende said Canon has yet to address the security flaws, saying no one at Canon was willing to listen to him.
     
    “The camera is designed to work exactly like this. From Canon’s point of view, there is probably no bug,” he said.
     
    He suggested countermeasures such as enabling network connections only in trusted networks, and using a secure password.
