Wi-Fi Enabled Digital Cameras Easily Exploitable

An anonymous reader writes with some news that might make you think twice before getting a network-enabled camera. From the article: "Users' desire to share things online has influenced many markets, including the digital camera one. Newer cameras increasingly sport built-in Wi-Fi capabilities or allow users to add SD cards to achieve them in order to be able to upload and share photos and videos as soon as they take them. But, as proven by Daniel Mende and Pascal Turbing, security researchers with ERNW, these capabilities also have security flaws that can be easily exploited for turning these cameras into spying devices. The researchers chose to compromise Canon's EOS-1D X DSLR camera and exploit each of the four ways it can communicate with a network. Not only have they been able to hijack the information sent from the camera, but have also managed to gain complete control of it."

Security never was a concern

[Nyder]

The makers of the camera's want to produce the cheapest camera for the highest amount of profit possible. Spending money on securing the add features that consumers want (ie. wifi) cuts into the bottom line.

Will it stop consumers from buying the models? My guess is no.

What will the camera makers do? Make a new model, same as the old model, but with added security features. Of course, you will pay 50% more for the new "model".

Things that don't need to be connected to the inte

[jazzdude00021]

Seriously, this is one of them. I love the idea of sharing and all, but we can wait to see your vacation or ...other... pics more than 15 minutes after you take it. A camera does not need to be directly connected to the internet, and all it does is open up potential security flaws. Find a good way to remotely exploit this and next thing you know, you can just take a vacation vicariously, through someone's (unsuspecting) lens. With the way tablets, smartphones etc are going, they can be great and (more) secure gateways to posting things, plus it gives you the chance to *filter* your photos...

Re:Things that don't need to be connected to the i

[fustakrakich]

On the contrary. When recording the police, it's best to upload live, so when they steal your camera, they don't get the footage.

Re:Security never was a concern

[citizenr]

Yes, delete button is right there, and will happily help you corrupt all of your data on the card, in $4000 camera. Thats the point. Software in those cameras is GARBAGE. Wifi link being open to all kinds of exploits is not really surprising.

btw new ExFAT filesystem brings even more garbage 'someone wrote it and it kinda works, lets not touch this" code to new hi-end cameras.

Re:Security never was a concern

[Ford Prefect]

Yes, delete button is right there, and will happily help you corrupt all of your data on the card, in $4000 camera. Thats the point.

What on Earth are you doing with your cameras? I've been deleting unnecessary photos from cameras for years, as well as using the memory cards for general file storage (somehow I still have no USB memory whatsits) - and I've yet to suffer from any file corruption. I do tend to reformat cards that need emptying rather than mass-deleting files, but that's mainly 'cause it's much quicker that way. I've frequently had full cards that I've pruned photos from so I can take some more. (Experience mainly with Canon dSLRs, but also with Fujifilm, Minolta, Panasonic etc.)

I suspect my habit of only buying decent memory cards has caught up with me yet again. :-(

Re:Things that don't need to be connected to the i

[Sigg3.net]

So a devious photographer may create an automated wifi entry and corruption script and fire it up on a critical event, walking away with the only usable money shot.