Forgot your password?
typodupeerror
Privacy Security IT Your Rights Online

Wi-Fi Enabled Digital Cameras Easily Exploitable 96

Posted by Unknown Lamer
from the say-cheese dept.
An anonymous reader writes with some news that might make you think twice before getting a network-enabled camera. From the article: "Users' desire to share things online has influenced many markets, including the digital camera one. Newer cameras increasingly sport built-in Wi-Fi capabilities or allow users to add SD cards to achieve them in order to be able to upload and share photos and videos as soon as they take them. But, as proven by Daniel Mende and Pascal Turbing, security researchers with ERNW, these capabilities also have security flaws that can be easily exploited for turning these cameras into spying devices. The researchers chose to compromise Canon's EOS-1D X DSLR camera and exploit each of the four ways it can communicate with a network. Not only have they been able to hijack the information sent from the camera, but have also managed to gain complete control of it."
This discussion has been archived. No new comments can be posted.

Wi-Fi Enabled Digital Cameras Easily Exploitable

Comments Filter:
  • Excellent! (Score:5, Insightful)

    by ColdWetDog (752185) on Monday March 25, 2013 @09:00PM (#43278007) Homepage

    Now it should be simple to make a smartphone app to control the camera. Before, you had to get the API from the manufacturer, sign an NDA, often pay money and then pour through the poorly documented mess.

    Progress!

  • by Anonymous Coward on Monday March 25, 2013 @09:16PM (#43278085)

    Hijacking thousands of vacation pictures may prove fatal to the pirates who steal them, contracting terminal boredom. Meanwhile, spies and celebrities should avoid using cameras with remote access vulnerabilities

    • by geekmux (1040042)

      Hijacking thousands of vacation pictures may prove fatal to the pirates who steal them, contracting terminal boredom. Meanwhile, spies and celebrities should avoid using cameras with remote access vulnerabilities

      Uh, are you sure about celebrities? I heard Kim Kardashian is coming out with her own signature series camera. Apparently it's got some pretty cool features, including a free exclusive contract with a top director in the adult film industry...

  • by Nyder (754090) on Monday March 25, 2013 @09:19PM (#43278109) Journal

    The makers of the camera's want to produce the cheapest camera for the highest amount of profit possible. Spending money on securing the add features that consumers want (ie. wifi) cuts into the bottom line.

    Will it stop consumers from buying the models? My guess is no.

    What will the camera makers do? Make a new model, same as the old model, but with added security features. Of course, you will pay 50% more for the new "model".

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      The build COST on a 1D-X is nearly $4000USD. Cutting corners in software was not high on the list.

      • by citizenr (871508)

        Of course it was. $4000 camera, and it still cant manage flash filesystem properly and will corrupt saved files if you insert a card with non continuous space (plug card into computer, delete few random pictures, insert into camera, happy recovery).
        Canon, Nikon, Sony and other mayor manufacturers ALL recommend you to
        -format card in the camera, not in computer
        -never edit/delete files in the camera itself

        • by pspahn (1175617)

          Seems simple enough, and is in fact what I've always done, simply by default.

          I could see why some people would want to delete photos in the camera, after all, there's a delete button right there... but if you're shooting enough to where you're worried about the space available on the card, you can probably afford a couple extra cards.

          • Re: (Score:3, Interesting)

            by citizenr (871508)

            Yes, delete button is right there, and will happily help you corrupt all of your data on the card, in $4000 camera. Thats the point. Software in those cameras is GARBAGE. Wifi link being open to all kinds of exploits is not really surprising.

            btw new ExFAT filesystem brings even more garbage 'someone wrote it and it kinda works, lets not touch this" code to new hi-end cameras.

            • by Ford Prefect (8777) on Monday March 25, 2013 @11:38PM (#43278687) Homepage

              Yes, delete button is right there, and will happily help you corrupt all of your data on the card, in $4000 camera. Thats the point.

              What on Earth are you doing with your cameras? I've been deleting unnecessary photos from cameras for years, as well as using the memory cards for general file storage (somehow I still have no USB memory whatsits) - and I've yet to suffer from any file corruption. I do tend to reformat cards that need emptying rather than mass-deleting files, but that's mainly 'cause it's much quicker that way. I've frequently had full cards that I've pruned photos from so I can take some more. (Experience mainly with Canon dSLRs, but also with Fujifilm, Minolta, Panasonic etc.)

              I suspect my habit of only buying decent memory cards has caught up with me yet again. :-(

            • by m.dillon (147925) on Monday March 25, 2013 @11:49PM (#43278723) Homepage

              I do sometimes delete photos in-camera, usually three or four out of every 100 or so I take, but generally I recommend (and also for myself) NOT to delete photos in-camera because it's easy to miss things you might want to keep when you try to review pictures on such a small display.

              But I've never had an issue with any of my Canon's corrupting the SD card.

              -Matt

            • by hairyfeet (841228)

              Dude it ain't ExFAT, hell you can use any file system and it ain't gonna matter with the shitty software on those cameras. I don't know how many times i've had to try to recover photos because somebody used the delete button....WTF? If its gonna shit itself practically every time you use it, why in satan's balls would they put that button on there in the first place?

              as I have told many a customer the delete button should be called "hose your photos NOW" button because a good 9 times out of 10 that is what

              • Re: (Score:3, Informative)

                by kwbauer (1677400)

                I don't know how many times i've had to try to recover photos because somebody used the delete button....WTF?

                Yeah. WTF are you talking about. I've deleted individual photos on camera and on the computer with both Nikon's and Canons. I've even added folders and stored photoshop and word docs on them and put them back in the camera and they work just fine. They simply ignore those files (and folders) and remove the space they use from the available space.

                I suggest that the reason you have to recover so many p

                • by hairyfeet (841228)

                  Right me and that other guy just made it up for...why exactly? Or maybe, just maybe, you got lucky or chose a really good model? The Olympus cameras don't seem to have this problem but a LOT of the cameras sold in your B&M stores DO have this problem. Looking at the forums its just as the other guy described it in that their software doesn't know what to make of free blocks in the middle of non free blocks and freaks the hell out.

                  But just because you haven't seen it, especially when you don't actually

                  • Right me and that other guy just made it up for...why exactly? Or maybe, just maybe, you got lucky or chose a really good model? The Olympus cameras don't seem to have this problem but a LOT of the cameras sold in your B&M stores DO have this problem.

                    Which manufacturer and camera models suffer from this problem? I'd be interested to know, so I can recommend against them.

                    (I've helped out with a fair amount of digital camera stuff for friends and relatives, and I've never actually seen a corrupted memory

                    • by hairyfeet (841228)

                      Never bothered writing down specific make and model but look at any of the non Olympus (as I said, never saw it with their models) that sell for $75-$150 in your local Walmart or Best Buy and then hit their forums and see, its really not that rare an occurrence. Personally I think many of them are buying their software from the same company in who knows where Asia and they have some issues, no different than how when Creative subcontracted their software out to India it went to crap. Not saying all Indian c

                  • by TheP4st (1164315)

                    I use only top quality memory cards and have shot a very large amount of pictures over the years on Nikon D200, D300 and Fujifilm X100, and tend to delete poor quality pictures on spot, but have to date never encountered this problem which lead me to suspect that perhaps many of cases you've seen might be attributed to poor quality memory cards rather than camera firmware, alternatively that I use cameras with better than average firmware. Another possibility could of course also be that in your line of wor

                  • I have about the cheapest camera you can get, a Kodak® EasyShare® I got at Walmart® three or four years ago for maybe $40 (it was their Black Friday special). Sometimes the lens won't go in and out all the way because it got sand in it. And yet... there has never been any problem with the software. Delete random photos out of a bunch directly on the camera, no problem.

                    So... if a couple of folks on here say that deleting files has caused file system corruption and a couple of other folks have s

                    • by hairyfeet (841228)

                      Well I can tell you that while the EasyShare tends to have more lens fails from what I've seen (also their docks are kinda iffy) they don't seem to have this problem as much. It still happens, just not as much. Look at the non Olympus models for around $100 at your local Wally World, write down make and model and hit the forums for those cameras and you'll find its not a rare thing. As I answered another poster personally I think they are all subcontracting from the same software firm that has this issue, a

      • Is that the marginal cost of production, the amortized cost of production (i.e. sunk costs spread out over the entire production run), or the amortized costs of production, marketing/sales, support (warranties aren't free, folks), etc.?

    • by dgatwood (11270)

      The makers of the camera's want to produce the cheapest camera for the highest amount of profit possible.

      I wonder if this exploit is the reason why Canon didn't release a Wi-Fi/GPS-capable EF-S camera body last week (70D, rumored) like just about everybody expected (and like a sizable percentage of Canon DSLR users are holding out for).

      It just seems bizarre that such largely consumer-centric features are unavailable except in their pro DSLRs, which won't work with any of their consumer-priced lenses. Only

      • by walshy007 (906710)

        which won't work with any of their consumer-priced lenses.

        Sure it will, the 50mm f/1.8 works quite well, is full framed and sets you back $150.

        • by dgatwood (11270)

          The problem is not that you can't get any lenses in a consumer-affordable price range, but rather that many of the EF lenses are dramatically much more expensive for a given angle on a full-frame sensor than an EF-S lens that would produce that same view angle on a crop body.

          For example, I frequently find myself using my 10-22mm EF-Szoom lens. Canon's EF equivalent, after compensating for the 1.6x crop, is the 16-35. The 10-22 EF-S costs about $720. The 16-35 costs a jaw-dropping $1450.

          • by Strider- (39683)

            For example, I frequently find myself using my 10-22mm EF-Szoom lens. Canon's EF equivalent, after compensating for the 1.6x crop, is the 16-35. The 10-22 EF-S costs about $720. The 16-35 costs a jaw-dropping $1450.

            Yes, and optically, the 10-22 is much easier to make, and requires less precision than the 16-35. You're also comparing a consumer grade lens (the 10-22) with L glass. They're two completely different classes of lenses, with completely different performance metrics. It's not just the focal length, but the resolution, flare control (especially at these focal lengths), build quality, and materials.

    • The makers of the camera's want to produce the cheapest camera for the highest amount of profit possible..

      I suspect that lacking the relevant institutional expertise doesn't help. The camera guys may have some fucking software wizards when it comes to crunching raw sensor data into an agreeable format at high speed, on a weedy little embedded chip, without crushing the battery; but(as Adobe demonstrates about three times a week) image-processing expertise is minimally connected with good software engineering practices, much less security-focused design...

      Can anybody think of an industry that went from producing

      • by dgatwood (11270)

        Embedded industrial and medical devices need to be controlled/monitored remotely, which means that they need open ports. There's no good reason for a camera to have any open ports by default. Thus, assuming they are using a reasonably robust and well-tested OS, the attack surface should be very, very small.

        • Oh, I'd be the last to deny that they fucked up here. My point was just that, as best I can see, every previously-not-networked industry manages a period of impressive lousiness and seems to feel some sick need to learn from their own painful mistakes, rather than learning from somebody else's painful mistakes that have already been made. I don't know why.

  • by jazzdude00021 (2714009) on Monday March 25, 2013 @09:22PM (#43278123)
    Seriously, this is one of them. I love the idea of sharing and all, but we can wait to see your vacation or ...other... pics more than 15 minutes after you take it. A camera does not need to be directly connected to the internet, and all it does is open up potential security flaws. Find a good way to remotely exploit this and next thing you know, you can just take a vacation vicariously, through someone's (unsuspecting) lens. With the way tablets, smartphones etc are going, they can be great and (more) secure gateways to posting things, plus it gives you the chance to *filter* your photos...
    • by Anonymous Coward on Monday March 25, 2013 @09:25PM (#43278133)

      Interesting, but the article itself mentions a camera body that's meant for professionals who are handed contracts to deliver photos within a time frame following events. (most MAJOR sporting events the photos need to be uploaded from the camera back to a central repo within 4 hours of the event, so they can go to print for the following morning. )

      Saving a few minutes here and there is KEY to getting ahead in that industry.

      • by nabsltd (1313397)

        (most MAJOR sporting events the photos need to be uploaded from the camera back to a central repo within 4 hours of the event, so they can go to print for the following morning. )

        Saving a few minutes here and there is KEY to getting ahead in that industry.

        It takes about 10 seconds to remove the memory card and plug it into a tablet/laptop/whatever. Unless you need photos uploaded essentially as you shoot them (which I suspect woudn't work very well at the same time you were taking new pictures), there is no reason to have the camera able to connect to a network.

        In addition, it's likely the file transfer software on the tablet/laptop/whatever is far more robust than anything on the camera. This might give you features such as automatic retry, resuming in th

        • by Ford Prefect (8777) on Monday March 25, 2013 @11:46PM (#43278711) Homepage

          It takes about 10 seconds to remove the memory card and plug it into a tablet/laptop/whatever. Unless you need photos uploaded essentially as you shoot them (which I suspect woudn't work very well at the same time you were taking new pictures), there is no reason to have the camera able to connect to a network.

          You're kind of assuming the photographer is right next to the cameras - professional wireless whatsits (e.g. Nikon [bhphotovideo.com] and Canon [bhphotovideo.com]) are intended for full remote control of multiple cameras. So at a sports event, a photographer might have one down behind the goal with a wide-angle lens, another pointing at the other goal, etc. etc. etc. - all uploading to the photo agency for up-to-the-moment imagery. Newspapers needed things soon, the internet needs it now.

          Still decidedly embarrassing if they are so easily compromised, of course.

          • by Sigg3.net (886486) on Tuesday March 26, 2013 @07:08AM (#43279801) Homepage

            So a devious photographer may create an automated wifi entry and corruption script and fire it up on a critical event, walking away with the only usable money shot.

          • So at a sports event, a photographer might have one down behind the goal with a wide-angle lens, another pointing at the other goal, etc. etc. etc. - all uploading to the photo agency for up-to-the-moment imagery. Newspapers needed things soon, the internet needs it now.

            Still decidedly embarrassing if they are so easily compromised, of course.

            And now all I have to do is put myself somewhere in range of the remote controlled cameras, find an exploit, publish their photograph first and take credit for it. Much faster and easier than actually doing all the work.

            I see where this technology is potentially very useful, but just like compromised "smart meters" and other "smart" appliances, cameras don't need to be a part of the "internet of things" unless you're cool with someone potentially watching everything you do with it.

    • by fustakrakich (1673220) on Monday March 25, 2013 @09:31PM (#43278149) Journal

      On the contrary. When recording the police, it's best to upload live, so when they steal your camera, they don't get the footage.

    • Eye-fi.
      It only talks to networks you have told it about. Ad-hoc to a laptop, or to a wifi router. Via WPA. It does not talk directly to 'the internet', unless you tell it to. It can upload directly to flickr/facebook/etc....if you tell it to. I don't.

      I do a lot of macro photography at home , and not having to swap the card between camera and PC is a godsend.

      Is it exploitable? Don't know. Maybe.

      Now...if I were going to attend an 'event' where my camera might get confiscated, I might have a nearby compatri
    • by Strider- (39683)

      Seriously, this is one of them. I love the idea of sharing and all, but we can wait to see your vacation or ...other... pics more than 15 minutes after you take it. A camera does not need to be directly connected to the internet, and all it does is open up potential security flaws. Find a good way to remotely exploit this and next thing you know, you can just take a vacation vicariously, through someone's (unsuspecting) lens. With the way tablets, smartphones etc are going, they can be great and (more) secure gateways to posting things, plus it gives you the chance to *filter* your photos...

      As I mentioned above, the real point of the wifi link is NOT for sharing the photos. It's to remote control the camera so that you can either control it without touching it (say when doing astro-photography, where simply touching the camera will throw your whole system out of whack), doing tasks that you can't do hands on (Focus micro-adjustments, highly useful when doing product photography), or controlling the camera when it is placed in an otherwise inaccessible location.

      The other main use for the wirel

  • by eksith (2776419) on Monday March 25, 2013 @09:24PM (#43278131) Homepage

    This trend of making all things that exist wireless can have pretty bad consequences if companies aren't held accountable for what they produce. I'm sorry, it's not hard. It just takes code correctness and some discipline to not take a route only cause it's easy. I'm not naive; I understand being first out of the gate matters, but making that a priority at the cost of some basic security is unacceptable.

    If the programmers aren't delivering on time or creating insecure code, then part of the problem may be management. As Scott Adams wrote today, Management exists to minimize the problems created by its own hiring mistakes [dilbert.com]. It's some kind of endmic disease that technical people are expected to push through a product quickly first, securely second.

    • not hard
      code correctness
      discipline

      I would like to move to your country.

    • by tlhIngan (30335)

      This trend of making all things that exist wireless can have pretty bad consequences if companies aren't held accountable for what they produce. I'm sorry, it's not hard. It just takes code correctness and some discipline to not take a route only cause it's easy. I'm not naive; I understand being first out of the gate matters, but making that a priority at the cost of some basic security is unacceptable.

      Digital cameras are a commodity. For under $150-200 these days (under $100 on sale), you get a pretty dec

  • Undefeated.
  • by GoodNewsJimDotCom (2244874) on Monday March 25, 2013 @09:38PM (#43278185)
    The cost for web cams and 100' USB cables is like 20$. So give a home 5 security cameras for $100. Hook em up on their computer and have code that records a buffered state so far back. Or if you're concerned about disk space, attach motion sensors to the recording states. Write some software that allows them to check out their house on their smart phone. Installation shouldn't take more than a a few hours.

    So if you wanted to start your own security system, you'd be back 100$ for 5 cameras/cables. You'd need to write some code, or have someone write it for you, but this is only a one time cost. And you can charge people 45$/month or a one time fee of 500-700$, and that is way cheaper that what is on the market, and what is on the market doesn't let you check your security cameras from your smart phone.

    Home security looks like a cash cow at first glance, what am I missing besides lawyer stuff?
    • Home security looks like a cash cow at first glance, what am I missing besides lawyer stuff?

      The plethora of cheap, standalone, multicam systems by Lorex, Zmodo, etc that already do this.
    • Home security looks like a cash cow at first glance, what am I missing besides lawyer stuff?

      Reliability, maintainability, installation, liability, insurance, service... pretty much everything in fact.

    • by tlhIngan (30335)

      Well, you can buy a damn nice DVR from Lorex that has it all including hard drive recorder, 4-6 cameras, night lights, and cabling for around $600 all together, or much less. Including PC software to access it over a network, and with the first firewall configuration, using apps on iOS and Android.

      And they're nicer higher-definition color cameras at that. Hell, our company replaced an old camera system using Panasonic NTSC cameras and a Windows 98 PC being a DVR (total cost - tens of thousands back in the d

    • by dgatwood (11270)

      The cost for web cams and 100' USB cables is like 20$. ... Home security looks like a cash cow at first glance, what am I missing besides lawyer stuff?

      Besides the fact that you'll need special hardware to extend USB past 5 meters (about 16 feet), and the fact that the extenders alone will eat that $20?

  • by Anonymous Coward

    I have a 1Dx, and it doesn't come by default with wireless (just gigabit ethernet). Or GPS. You can buy the super expensive Canon adaptors or eyefi adaptors for way cheaper, but the article is pretty light to determine risk. As noted above - mostly concerned will be sports and events photographers who have a workflow involving wireless transmission / post processing, who actually have added the hardware and turned it on.

  • Enabled Wi-Fi _______ easily exploited.
  • by m.dillon (147925) on Monday March 25, 2013 @11:56PM (#43278739) Homepage

    Not unexpected, but its kinda hard to take candid photos from a hijacked camera when the lens cap is on. And those WIFI systems are not generally left on anyhow.

    I don't understand why they used a 1Dx though, which would require an external WIFI adapter to even have a WIFI capability. I would be more interested in penetration testing something like the Canon 6D which has the WIFI built-in. I fully expect there to be holes, Canon's WIFI software has always been quite primitive and even the new stuff is still quite primitive.

    But if we make enough noise and Canon will fix it in a software update.

    Currently I only use the 6D's built-in WIFI to be able to review pictures in-camera from an android tablet... quite a useful feature. I'm not particularly worried about hijacking there since the Camera's WIFI transmitter has rather limited range. And most of the time the WIFI is turned off anyway since it eats the battery otherwise.

    -Matt

    • by thegarbz (1787294)

      Not unexpected, but its kinda hard to take candid photos from a hijacked camera when the lens cap is on.

      Key point right there. Most DSLRs when not in use spend their time in camera bags with lens caps securely fastened.
      Even if they weren't there's no way to point these devices so you're likely to only get a picture of a wall or something similar.

      Even if they were stored with the lenscaps off, and even if they were pointed in the right direction, and even if the zoom happens to be set in the right position the action of engaging autofocus and the resulting beep and AF assist lighting coming on, not to mention

      • by djmurdoch (306849)

        Lots of cameras have microphones. Those work with the lens cap on. For example, the Canon EOS M has a stereo mic and WiFi. Since it doesn't have a hideaway lens, it would be easy to forget to turn it off when you put it away -- I do that a lot with my DSLR.

        • by thegarbz (1787294)

          You're assuming the hack allows low level hardware interaction. It doesn't, it only allows you to control camera function. So to engage the microphone the Canon 1Dx would make a satisfying clank when it switches to video recording mode and flips up the mirror.

          Yes it may be more discrete to do with a point and shoot or the crappy M series, but this is still a massively roundabout way of invading someone's privacy. I don't see this action ever being a rampant problem.

  • You'd be able to steal nudie pics taken in private from outside the studio/house.

    • by kwbauer (1677400)

      Or just wait a day and get them after their uploaded to the internet. That way you don't do anything that could be generally construed as illegal. Well, unless your into kids. In that case, you have more serious issues to deal with.

      And if you have to drive around, surreptitiously looking for unencrypted and otherwise unprotected cameras from which to pilfer nudie pics because you've "reached the end" of that particularly large back-alley of the internet, then you also have a problem and should probably seek

  • by Anonymous Coward

    Do you like live videos of bands? Then please don't do this at your local venues. I've seen all kinds of nonsense infra red signals taking over band equipment, shutting off cameras, this happens a lot more than people think. So let the band play their song in peace, and don't slam the crap out of the camera people or there won't be many more free live videos that you love. I know you all are going to do what you are going to do, but at least you now know the other side of the coin here. If all someone

  • by egcagrac0 (1410377) on Tuesday March 26, 2013 @05:59AM (#43279579)

    managed to gain complete control of it

    Aiming the camera under remote control via software is a pretty good trick. Ordinarily, you need to mount it on a pan-tilt device.

    Removing the lens cap from software is another good trick. Powering the thing on remotely with batteries removed is amazing.

    Yes, this is pedantic, but I'm guessing they don't have complete control of the camera. They may have control of the camera software.

  • Let's see... professional DSLR's to be used for spying

    That's going to be hard with the camera in the camera bag, where most SLR's are when not in use. But let's assume this one's not.
    That's going to be hard with the lens cap on the lens, which is the case with most SLR's that are not in use but not in the bag. But let's assume this one's not.
    That's going to be hard with the camera pointing in the right direction, which is pretty hard given the form factor (vertical grip) of a "casual laying around" SLR
  • One would think that the moment you mentioned 'wi-fi' and any other tech, that, hacking and therefore protection from hacking would be a priority .. you know.. ensuring your product's integrity? Nah..

For every bloke who makes his mark, there's half a dozen waiting to rub it out. -- Andy Capp

Working...