Hackers turn a Canon EOS camera into a remote surveillance tool

The Canon EOS-1D X camera is not designed with security in mind, a researcher said

By Loek Essers, IDG News Service

Accessing the camera in that mode wasn't as easy as gaining control via FTP or the session ID, according to Mende.

To access the mode, an attacker has to listen for the camera's GUID (Globally Unique Identifier), which is broadcast in obfuscated form. The attacker then needs to de-obfuscate the authentication data, disconnect the connected client software and connect to the camera using the PTP/IP protocol, or picture transfer protocol, which is used to transfer images to connected devices, according to Mende's presentation.

"We not only can download all the taken pictures, we can also get a more or less live stream from the camera," Mende said. "We've successfully made the camera into a surveillance device."

Attackers are also able to upload pictures to the camera in Utility mode, he said.

Canon has not fixed the vulnerabilities yet, according to Mende, who said he wasn't able to find anyone at Canon willing to listen to him. "The camera is designed to work exactly like this. From Canon's point of view there is probably no bug," Mende said.

"[But] people who use the camera should be aware of this. That's why I'm standing here today without speaking to Canon," he told conference attendees.

Canon EOS-1D X owners should take countermeasures to prevent the attacks from succeeding, said Mende. They should only enable network connections in trusted networks, he said. And users should always use a secure password for trusted WLAN networks, he said.

Canon did not immediately reply to a request for comment.

Loek is Amsterdam Correspondent and covers online privacy, intellectual property, open-source and online payment issues for the IDG News Service. Follow him on Twitter at @loekessers or email tips and comments to loek_essers@idg.com
