Wi-Fi Enabled Digital Cameras Easily Exploitable 96
An anonymous reader writes with some news that might make you think twice before getting a network-enabled camera. From the article: "Users' desire to share things online has influenced many markets, including the digital camera one. Newer cameras increasingly sport built-in Wi-Fi capabilities or allow users to add SD cards to achieve them in order to be able to upload and share photos and videos as soon as they take them. But, as proven by Daniel Mende and Pascal Turbing, security researchers with ERNW, these capabilities also have security flaws that can be easily exploited for turning these cameras into spying devices. The researchers chose to compromise Canon's EOS-1D X DSLR camera and exploit each of the four ways it can communicate with a network. Not only have they been able to hijack the information sent from the camera, but have also managed to gain complete control of it."
Excellent! (Score:5, Insightful)
Now it should be simple to make a smartphone app to control the camera. Before, you had to get the API from the manufacturer, sign an NDA, often pay money and then pour through the poorly documented mess.
Progress!
Re: (Score:2)
"Progress!"
Hahaha. Exactly. When I read OP the first thing I thought was "So... make and sell a 3rd party remote control."
Re: (Score:2)
I assume you mean pore through as I cannot figure out how one pours documentation.
The documentation is poor. As you're poring through it, you see all of the gaps in their coverage. It's those gaps that you pour through.
Re: (Score:2)
You can only pour through the gaps after your brain has been turned to mush by the unintelligible documentation. This could take some time.
Re: (Score:2)
http://www.chainfire.eu/projects/48/DSLR_Controller/ [chainfire.eu]
Re: (Score:2)
(apart from the fact it's USB not WiFi - but the basic principle applies...)
Re: (Score:2)
Yeah, I've been using DSLR Controller [google.com] to control my Canon T3i via my tablet (USB) for some time. It's pretty clumsy having to deal with a cable but I would rather do that then have my camera support wireless.
Toxic content (Score:5, Funny)
Hijacking thousands of vacation pictures may prove fatal to the pirates who steal them, contracting terminal boredom. Meanwhile, spies and celebrities should avoid using cameras with remote access vulnerabilities
Re: (Score:3)
Hijacking thousands of vacation pictures may prove fatal to the pirates who steal them, contracting terminal boredom. Meanwhile, spies and celebrities should avoid using cameras with remote access vulnerabilities
Uh, are you sure about celebrities? I heard Kim Kardashian is coming out with her own signature series camera. Apparently it's got some pretty cool features, including a free exclusive contract with a top director in the adult film industry...
Re:Editors are people who EDIT! (Score:5, Informative)
We can achieve adding Wi-Fi capabilities to cameras by adding an SD card, yes.
Eye-fi [www.eye.fi]. And yes, mine works quite well.
Re: (Score:2)
Security never was a concern (Score:4, Interesting)
The makers of the camera's want to produce the cheapest camera for the highest amount of profit possible. Spending money on securing the add features that consumers want (ie. wifi) cuts into the bottom line.
Will it stop consumers from buying the models? My guess is no.
What will the camera makers do? Make a new model, same as the old model, but with added security features. Of course, you will pay 50% more for the new "model".
Re: (Score:2, Insightful)
The build COST on a 1D-X is nearly $4000USD. Cutting corners in software was not high on the list.
Re:Security never was a concern (Score:4, Informative)
EYE-FI SD cards are cool, but storage capacities trail what you can get with a straight storage card. So for example you can get a 16G EYE-FI card, but a SanDisk Extreme SDXC card comes in capacities up to 128G.
EYE-FI has other problems, including fairly slow WIFI transfer speeds. WIFI tends to drop out unless you are transferring to a storage device on your belt, and a 4G hotspot setup doesn't work very well when you are taking RAWs. I would not rate EYE-FI as a professional-level product, frankly.
Sometimes quality and dependability trump convenience. My preference is to stick to normal storage cards and not have to worry about some WIFI snafu messing up my ability to take pictures. EYE-FI has its benefits, but it also has a lot of moving parts (software-wise).
-Matt
Re: (Score:2)
eye-fi sd cards, on the other hand, start at about 30-35 bucks... and cameras with built-in networking features, start at less than 100..
Sure, but you also fail to realize the point of the wifi/networking for the Canon DSLRs. It isn't just about dumping your photos off the camera in real-time, it also provides full remote control of the camera. For the average consumer, this doesn't mean much, but in certain parts of the professional world, this is a huge deal. Take, for example, an architectural photographer taking a picture of a tight space (say the inside of a bathroom). Remote contorl over the camera lets them stuff the camera into a
Re: (Score:3)
Of course it was. $4000 camera, and it still cant manage flash filesystem properly and will corrupt saved files if you insert a card with non continuous space (plug card into computer, delete few random pictures, insert into camera, happy recovery).
Canon, Nikon, Sony and other mayor manufacturers ALL recommend you to
-format card in the camera, not in computer
-never edit/delete files in the camera itself
Re: (Score:2)
Seems simple enough, and is in fact what I've always done, simply by default.
I could see why some people would want to delete photos in the camera, after all, there's a delete button right there... but if you're shooting enough to where you're worried about the space available on the card, you can probably afford a couple extra cards.
Re: (Score:3, Interesting)
Yes, delete button is right there, and will happily help you corrupt all of your data on the card, in $4000 camera. Thats the point. Software in those cameras is GARBAGE. Wifi link being open to all kinds of exploits is not really surprising.
btw new ExFAT filesystem brings even more garbage 'someone wrote it and it kinda works, lets not touch this" code to new hi-end cameras.
Re:Security never was a concern (Score:5, Interesting)
What on Earth are you doing with your cameras? I've been deleting unnecessary photos from cameras for years, as well as using the memory cards for general file storage (somehow I still have no USB memory whatsits) - and I've yet to suffer from any file corruption. I do tend to reformat cards that need emptying rather than mass-deleting files, but that's mainly 'cause it's much quicker that way. I've frequently had full cards that I've pruned photos from so I can take some more. (Experience mainly with Canon dSLRs, but also with Fujifilm, Minolta, Panasonic etc.)
I suspect my habit of only buying decent memory cards has caught up with me yet again. :-(
Re:Security never was a concern (Score:4, Informative)
I do sometimes delete photos in-camera, usually three or four out of every 100 or so I take, but generally I recommend (and also for myself) NOT to delete photos in-camera because it's easy to miss things you might want to keep when you try to review pictures on such a small display.
But I've never had an issue with any of my Canon's corrupting the SD card.
-Matt
Re: (Score:2)
Re: (Score:3, Informative)
I don't know how many times i've had to try to recover photos because somebody used the delete button....WTF?
Yeah. WTF are you talking about. I've deleted individual photos on camera and on the computer with both Nikon's and Canons. I've even added folders and stored photoshop and word docs on them and put them back in the camera and they work just fine. They simply ignore those files (and folders) and remove the space they use from the available space.
I suggest that the reason you have to recover so many p
Re: (Score:3)
Re: (Score:3)
Which manufacturer and camera models suffer from this problem? I'd be interested to know, so I can recommend against them.
(I've helped out with a fair amount of digital camera stuff for friends and relatives, and I've never actually seen a corrupted memory
Re: (Score:2)
Re: (Score:2)
I use only top quality memory cards and have shot a very large amount of pictures over the years on Nikon D200, D300 and Fujifilm X100, and tend to delete poor quality pictures on spot, but have to date never encountered this problem which lead me to suspect that perhaps many of cases you've seen might be attributed to poor quality memory cards rather than camera firmware, alternatively that I use cameras with better than average firmware. Another possibility could of course also be that in your line of wor
Re: (Score:3)
I have about the cheapest camera you can get, a Kodak® EasyShare® I got at Walmart® three or four years ago for maybe $40 (it was their Black Friday special). Sometimes the lens won't go in and out all the way because it got sand in it. And yet... there has never been any problem with the software. Delete random photos out of a bunch directly on the camera, no problem.
So... if a couple of folks on here say that deleting files has caused file system corruption and a couple of other folks have s
Re: (Score:2)
$4000 production cost? (Score:2)
Is that the marginal cost of production, the amortized cost of production (i.e. sunk costs spread out over the entire production run), or the amortized costs of production, marketing/sales, support (warranties aren't free, folks), etc.?
Re: (Score:3)
I wonder if this exploit is the reason why Canon didn't release a Wi-Fi/GPS-capable EF-S camera body last week (70D, rumored) like just about everybody expected (and like a sizable percentage of Canon DSLR users are holding out for).
It just seems bizarre that such largely consumer-centric features are unavailable except in their pro DSLRs, which won't work with any of their consumer-priced lenses. Only
Re: (Score:2)
which won't work with any of their consumer-priced lenses.
Sure it will, the 50mm f/1.8 works quite well, is full framed and sets you back $150.
Re: (Score:2)
The problem is not that you can't get any lenses in a consumer-affordable price range, but rather that many of the EF lenses are dramatically much more expensive for a given angle on a full-frame sensor than an EF-S lens that would produce that same view angle on a crop body.
For example, I frequently find myself using my 10-22mm EF-Szoom lens. Canon's EF equivalent, after compensating for the 1.6x crop, is the 16-35. The 10-22 EF-S costs about $720. The 16-35 costs a jaw-dropping $1450.
Re: (Score:2)
For example, I frequently find myself using my 10-22mm EF-Szoom lens. Canon's EF equivalent, after compensating for the 1.6x crop, is the 16-35. The 10-22 EF-S costs about $720. The 16-35 costs a jaw-dropping $1450.
Yes, and optically, the 10-22 is much easier to make, and requires less precision than the 16-35. You're also comparing a consumer grade lens (the 10-22) with L glass. They're two completely different classes of lenses, with completely different performance metrics. It's not just the focal length, but the resolution, flare control (especially at these focal lengths), build quality, and materials.
Re: (Score:2)
The makers of the camera's want to produce the cheapest camera for the highest amount of profit possible..
I suspect that lacking the relevant institutional expertise doesn't help. The camera guys may have some fucking software wizards when it comes to crunching raw sensor data into an agreeable format at high speed, on a weedy little embedded chip, without crushing the battery; but(as Adobe demonstrates about three times a week) image-processing expertise is minimally connected with good software engineering practices, much less security-focused design...
Can anybody think of an industry that went from producing
Re: (Score:2)
Embedded industrial and medical devices need to be controlled/monitored remotely, which means that they need open ports. There's no good reason for a camera to have any open ports by default. Thus, assuming they are using a reasonably robust and well-tested OS, the attack surface should be very, very small.
Re: (Score:2)
Oh, I'd be the last to deny that they fucked up here. My point was just that, as best I can see, every previously-not-networked industry manages a period of impressive lousiness and seems to feel some sick need to learn from their own painful mistakes, rather than learning from somebody else's painful mistakes that have already been made. I don't know why.
Things that don't need to be connected to the inte (Score:4, Interesting)
Re:Things that don't need to be connected to the i (Score:5, Insightful)
Interesting, but the article itself mentions a camera body that's meant for professionals who are handed contracts to deliver photos within a time frame following events. (most MAJOR sporting events the photos need to be uploaded from the camera back to a central repo within 4 hours of the event, so they can go to print for the following morning. )
Saving a few minutes here and there is KEY to getting ahead in that industry.
Re: (Score:2)
(most MAJOR sporting events the photos need to be uploaded from the camera back to a central repo within 4 hours of the event, so they can go to print for the following morning. )
Saving a few minutes here and there is KEY to getting ahead in that industry.
It takes about 10 seconds to remove the memory card and plug it into a tablet/laptop/whatever. Unless you need photos uploaded essentially as you shoot them (which I suspect woudn't work very well at the same time you were taking new pictures), there is no reason to have the camera able to connect to a network.
In addition, it's likely the file transfer software on the tablet/laptop/whatever is far more robust than anything on the camera. This might give you features such as automatic retry, resuming in th
Re:Things that don't need to be connected to the i (Score:5, Informative)
You're kind of assuming the photographer is right next to the cameras - professional wireless whatsits (e.g. Nikon [bhphotovideo.com] and Canon [bhphotovideo.com]) are intended for full remote control of multiple cameras. So at a sports event, a photographer might have one down behind the goal with a wide-angle lens, another pointing at the other goal, etc. etc. etc. - all uploading to the photo agency for up-to-the-moment imagery. Newspapers needed things soon, the internet needs it now.
Still decidedly embarrassing if they are so easily compromised, of course.
Re:Things that don't need to be connected to the i (Score:4, Interesting)
So a devious photographer may create an automated wifi entry and corruption script and fire it up on a critical event, walking away with the only usable money shot.
Re: (Score:1)
So at a sports event, a photographer might have one down behind the goal with a wide-angle lens, another pointing at the other goal, etc. etc. etc. - all uploading to the photo agency for up-to-the-moment imagery. Newspapers needed things soon, the internet needs it now.
Still decidedly embarrassing if they are so easily compromised, of course.
And now all I have to do is put myself somewhere in range of the remote controlled cameras, find an exploit, publish their photograph first and take credit for it. Much faster and easier than actually doing all the work.
I see where this technology is potentially very useful, but just like compromised "smart meters" and other "smart" appliances, cameras don't need to be a part of the "internet of things" unless you're cool with someone potentially watching everything you do with it.
Re:Things that don't need to be connected to the i (Score:5, Interesting)
On the contrary. When recording the police, it's best to upload live, so when they steal your camera, they don't get the footage.
Re: (Score:3)
It only talks to networks you have told it about. Ad-hoc to a laptop, or to a wifi router. Via WPA. It does not talk directly to 'the internet', unless you tell it to. It can upload directly to flickr/facebook/etc....if you tell it to. I don't.
I do a lot of macro photography at home , and not having to swap the card between camera and PC is a godsend.
Is it exploitable? Don't know. Maybe.
Now...if I were going to attend an 'event' where my camera might get confiscated, I might have a nearby compatri
Re: (Score:2)
Seriously, this is one of them. I love the idea of sharing and all, but we can wait to see your vacation or ...other... pics more than 15 minutes after you take it. A camera does not need to be directly connected to the internet, and all it does is open up potential security flaws. Find a good way to remotely exploit this and next thing you know, you can just take a vacation vicariously, through someone's (unsuspecting) lens. With the way tablets, smartphones etc are going, they can be great and (more) secure gateways to posting things, plus it gives you the chance to *filter* your photos...
As I mentioned above, the real point of the wifi link is NOT for sharing the photos. It's to remote control the camera so that you can either control it without touching it (say when doing astro-photography, where simply touching the camera will throw your whole system out of whack), doing tasks that you can't do hands on (Focus micro-adjustments, highly useful when doing product photography), or controlling the camera when it is placed in an otherwise inaccessible location.
The other main use for the wirel
Been paranoid since the printers got wifi (Score:5, Insightful)
This trend of making all things that exist wireless can have pretty bad consequences if companies aren't held accountable for what they produce. I'm sorry, it's not hard. It just takes code correctness and some discipline to not take a route only cause it's easy. I'm not naive; I understand being first out of the gate matters, but making that a priority at the cost of some basic security is unacceptable.
If the programmers aren't delivering on time or creating insecure code, then part of the problem may be management. As Scott Adams wrote today, Management exists to minimize the problems created by its own hiring mistakes [dilbert.com]. It's some kind of endmic disease that technical people are expected to push through a product quickly first, securely second.
Re: (Score:3)
not hard
code correctness
discipline
I would like to move to your country.
Re: (Score:2)
Digital cameras are a commodity. For under $150-200 these days (under $100 on sale), you get a pretty dec
Duct Tape Wins Again (Score:1, Funny)
At first glance,homesecurity looks like a cash cow (Score:5, Funny)
So if you wanted to start your own security system, you'd be back 100$ for 5 cameras/cables. You'd need to write some code, or have someone write it for you, but this is only a one time cost. And you can charge people 45$/month or a one time fee of 500-700$, and that is way cheaper that what is on the market, and what is on the market doesn't let you check your security cameras from your smart phone.
Home security looks like a cash cow at first glance, what am I missing besides lawyer stuff?
Re: (Score:3)
The plethora of cheap, standalone, multicam systems by Lorex, Zmodo, etc that already do this.
Re: (Score:2)
Reliability, maintainability, installation, liability, insurance, service... pretty much everything in fact.
Re: (Score:2)
Well, you can buy a damn nice DVR from Lorex that has it all including hard drive recorder, 4-6 cameras, night lights, and cabling for around $600 all together, or much less. Including PC software to access it over a network, and with the first firewall configuration, using apps on iOS and Android.
And they're nicer higher-definition color cameras at that. Hell, our company replaced an old camera system using Panasonic NTSC cameras and a Windows 98 PC being a DVR (total cost - tens of thousands back in the d
Re: (Score:2)
Besides the fact that you'll need special hardware to extend USB past 5 meters (about 16 feet), and the fact that the extenders alone will eat that $20?
Was this via Canon or 3rd Party Adaptor? (Score:1)
I have a 1Dx, and it doesn't come by default with wireless (just gigabit ethernet). Or GPS. You can buy the super expensive Canon adaptors or eyefi adaptors for way cheaper, but the article is pretty light to determine risk. As noted above - mostly concerned will be sports and events photographers who have a workflow involving wireless transmission / post processing, who actually have added the hardware and turned it on.
Fill in the blank... (Score:2)
Not unexpected but... (Score:5, Informative)
Not unexpected, but its kinda hard to take candid photos from a hijacked camera when the lens cap is on. And those WIFI systems are not generally left on anyhow.
I don't understand why they used a 1Dx though, which would require an external WIFI adapter to even have a WIFI capability. I would be more interested in penetration testing something like the Canon 6D which has the WIFI built-in. I fully expect there to be holes, Canon's WIFI software has always been quite primitive and even the new stuff is still quite primitive.
But if we make enough noise and Canon will fix it in a software update.
Currently I only use the 6D's built-in WIFI to be able to review pictures in-camera from an android tablet... quite a useful feature. I'm not particularly worried about hijacking there since the Camera's WIFI transmitter has rather limited range. And most of the time the WIFI is turned off anyway since it eats the battery otherwise.
-Matt
Re: (Score:2)
Not unexpected, but its kinda hard to take candid photos from a hijacked camera when the lens cap is on.
Key point right there. Most DSLRs when not in use spend their time in camera bags with lens caps securely fastened.
Even if they weren't there's no way to point these devices so you're likely to only get a picture of a wall or something similar.
Even if they were stored with the lenscaps off, and even if they were pointed in the right direction, and even if the zoom happens to be set in the right position the action of engaging autofocus and the resulting beep and AF assist lighting coming on, not to mention
Re: (Score:3)
Lots of cameras have microphones. Those work with the lens cap on. For example, the Canon EOS M has a stereo mic and WiFi. Since it doesn't have a hideaway lens, it would be easy to forget to turn it off when you put it away -- I do that a lot with my DSLR.
Re: (Score:2)
You're assuming the hack allows low level hardware interaction. It doesn't, it only allows you to control camera function. So to engage the microphone the Canon 1Dx would make a satisfying clank when it switches to video recording mode and flips up the mirror.
Yes it may be more discrete to do with a point and shoot or the crappy M series, but this is still a massively roundabout way of invading someone's privacy. I don't see this action ever being a rampant problem.
Sounds like fun (Score:2)
You'd be able to steal nudie pics taken in private from outside the studio/house.
Re: (Score:1)
Or just wait a day and get them after their uploaded to the internet. That way you don't do anything that could be generally construed as illegal. Well, unless your into kids. In that case, you have more serious issues to deal with.
And if you have to drive around, surreptitiously looking for unencrypted and otherwise unprotected cameras from which to pilfer nudie pics because you've "reached the end" of that particularly large back-alley of the internet, then you also have a problem and should probably seek
Please don't escalate this exploit (Score:1)
Do you like live videos of bands? Then please don't do this at your local venues. I've seen all kinds of nonsense infra red signals taking over band equipment, shutting off cameras, this happens a lot more than people think. So let the band play their song in peace, and don't slam the crap out of the camera people or there won't be many more free live videos that you love. I know you all are going to do what you are going to do, but at least you now know the other side of the coin here. If all someone
Good trick (Score:3)
managed to gain complete control of it
Aiming the camera under remote control via software is a pretty good trick. Ordinarily, you need to mount it on a pan-tilt device.
Removing the lens cap from software is another good trick. Powering the thing on remotely with batteries removed is amazing.
Yes, this is pedantic, but I'm guessing they don't have complete control of the camera. They may have control of the camera software.
Oh the horror! (Score:1)
That's going to be hard with the camera in the camera bag, where most SLR's are when not in use. But let's assume this one's not.
That's going to be hard with the lens cap on the lens, which is the case with most SLR's that are not in use but not in the bag. But let's assume this one's not.
That's going to be hard with the camera pointing in the right direction, which is pretty hard given the form factor (vertical grip) of a "casual laying around" SLR
What an oversight... (Score:2)