canon rumors FORUM

Gear Talk => EOS Bodies - For Stills => Topic started by: TrumpetPower! on March 25, 2013, 11:29:18 PM

Title: Networkable DSLRs trivially hacked
Post by: TrumpetPower! on March 25, 2013, 11:29:18 PM
Here're a couple security researchers giving an hour-long presentation at Shmoocon. They demonstrate that the 1Dx is basically an open sieve when it comes to security.

http://www.youtube.com/watch?v=u7RjJNLnWF8 (http://www.youtube.com/watch?v=u7RjJNLnWF8)

If you turn on WiFi or plug in a network cable to your DSLR, basically anybody can do anything they way to it. Read all the pictures off the card; upload whatever they want to the camera (think of somebody uploading something really nasty and then tipping off the police officer standing right over there); even turn the camera into a remote surveillance device without your knowledge.

I'm sure Canon will fix this; they won't have any choice. I'm also sure it'll take a while, and that they won't get it right the first or even the umpteenth time. That's just the way that big companies new to networking react...they'll ignore it for a while, then grudgingly make a half-assed attempt at fixing things that won't do anything, and eventually reach a state where there're constant minor updates to stay on top of with the odd more major one just to keep things interesting.

But, in the mean time, you would be well advised to only turn on WiFi in areas where there is no possibility of anybody hostile being within physical range of your camera's WiFi signal. Similarly, only plug the camera's ethernet cable into a secured and trusted network fully firewalled from the Internet.

It's a same, because I was just thinking of how neat all this WiFi control stuff could be. Ah, well. Some day....

Cheers,

b&
Title: Re: Networkable DSLRs trivially hacked
Post by: cookinghusband on March 25, 2013, 11:56:29 PM
I want to do all the above to my 1d

I guess the existing setup make it simple to user to connect it to the network

User just need to secure their network instead of a camera,

I like this link

interested to control my camera via a camera from a long distant

The most Canon ned to do is to let user have a password for camera use for network access.

but I much prefer with out password
Title: Re: Networkable DSLRs trivially hacked
Post by: TrumpetPower! on March 26, 2013, 12:09:27 AM
User just need to secure their network instead of a camera,

Easier said than done. How're you supposed to secure the public WiFi at the Starbuck's?

Quote
interested to control my camera via a camera from a long distant

You can do that today already, assuming you can control it from the network in the first place.

Problem is...so can anybody else....

b&
Title: Re: Networkable DSLRs trivially hacked
Post by: ahab1372 on March 26, 2013, 12:22:58 AM
I'm just surprised how people think this is a scandal of some kind. Canon added network features to the camera, it never occurred to me that the cameras were intended to be internet-ready.
It is nice to be able to connect the camera to a private Ethernet network, or an ad-hoc network to your phone, but that's it. Connecting to the public wifi at Starbicks? Not what it is made for.
Title: Re: Networkable DSLRs trivially hacked
Post by: TrumpetPower! on March 26, 2013, 12:33:33 AM
Connecting to the public wifi at Starbicks? Not what it is made for.

Problem is, that's going to be the very first thought of every photojournalist of any type. Or, if not Starbucks, then the hotel's WiFi, or the public (or quasi-public) WiFi at the stadium, or whatever.

And, arguably, that's exactly what it's made for. Shoot your assignment and dump all your pictures to the editor's desk before you leave the venue, and they get published before the event's even over.

And why not?

I'm not surprised. It doesn't even occur to people, even many computer programmers, that some random device needs any kind of security when you connect it to the Internet. I mean, who's going to want to hack a camera?

The answer?

Everybody at the next Red Carpet affair looking for a wardrobe malfunction, everybody with a grudge against a photographer who'd just love to see the police catch her red-handed with some kiddie porn, everybody who'd like to see the live view feed from that supposedly-off camera in the locker room.

These cameras could have been secured, right from the get-go. And they should have been, too. But, again, I'm not at all surprised that they're not...indeed, it would have been naïve to have expected otherwise.

Hell, just the fact that they include a built-in FTP (as opposed to SFTP) client should have been the big tip-off right there....

Cheers,

b&
Title: Re: Networkable DSLRs trivially hacked
Post by: ahab1372 on March 26, 2013, 01:18:05 AM
I never saw it that way because of the built in FTP server. Does it even connect to another server? Http/s, webDav? I might have missed some features, but I figured the camera just doesn't have features to actively connect to another server, so why connect it to the Internet?
The scenario you describe does make sense, but canon didn't go all the way (unless I missed some features, as I said)
Title: Re: Networkable DSLRs trivially hacked
Post by: TrumpetPower! on March 26, 2013, 01:32:03 AM
I never saw it that way because of the built in FTP server. Does it even connect to another server?

First, it varies from model to model.

But the 1Dx has a built-in FTP client that will connect to a remote server. With all of the lack of security of FTP that's been universally known about for at least three decades, now -- meaning that basically everything the client and server have to say to each other is entirely public. If you do anything with FTP, you should assume that everybody on the same network has your username and password along with a copy of all data that you transmit. And you shouldn't even assume that the server the client is talking to is the one you think you're talking to...it's trivial to convince an FTP client to think that the attacker's server is the real deal.

In addition to that, the 1Dx has three other network modes, including a trivially-hacked Web server (not client) that gives you nearly full access to the camera, and a proprietary control mode that gives you so much control over the camera that you can even lock out the user of the camera from doing anything, leaving them with only the option of pulling the battery -- all while the attacker remains full control over everything but the zoom ring and the direction the camera's pointed in.

The 6D is likely very similar, except its WiFi is built in whereas the WiFi on the 1Dx requires an extra doohickey. I think the 5DIII with the WiFi doohickey is basically the same as the 1Dx.

The researchers in the video didn't investigate Nikon's vulnerability, but I'd be surprised if it's much different from the Canon. Maybe it is, but this sort of thing just hasn't been on anybody's radar, and it'd be uncharacteristic of a big company to even realize the potential for mayhem before somebody rubs their noses in it.

Cheers,

b&
Title: Re: Networkable DSLRs trivially hacked
Post by: ahab1372 on March 26, 2013, 01:43:54 AM
You are right, it does have an FTP client, among other things. When I read "FTP" when it was first announced, instead of FTPs or https I thought it was pretty obvious that it was not designed for Internet or public networks. Rudimentary network capabilities, not more. I was just surprised this was published as major discovery of a security whole. I thought it was pretty obvious.
Would have been nice for sure for some or many users if they had added a bit more. Next round maybe ;-)
Title: Re: Networkable DSLRs trivially hacked
Post by: TrumpetPower! on March 26, 2013, 01:52:10 AM
You are right, it does have an FTP client, among other things. When I read "FTP" when it was first announced, instead of FTPs or https I thought it was pretty obvious that it was not designed for Internet or public networks. Rudimentary network capabilities, not more. I was just surprised this was published as major discovery of a security whole. I thought it was pretty obvious.
Would have been nice for sure for some or many users if they had added a bit more. Next round maybe ;-)

It's just that kind of thinking that leads to this being a problem in the first place.

I'm sure the programmers at Canon thought the same as you -- that it'd be obvious that this is just a neat add-on for people to use on their trusted LANs to save plugging the card into the card reader, and nothing more, and that nobody would be stupid enough to attach their $6,000 camera to a public WiFi hotspot.

But the marketing types, and especially the non-programmer end users...well, the "you'd have to be stupid to use this" doesn't even register, let alone make sense. Their first thought -- and rightly so -- is, "Cool! Now I can use my camera just like I already use my iPhone and everything else I have with WiFi! Just think of all the weird places I can go and still get my pictures back to the office immediately!"

And there's no reason why they shouldn't be able to. Securing these kinds of devices isn't hard; you just have to follow some basic best-practices.

Except, of course, it's impossible to do if the programmers have the mindset of, "Well, nobody would really be stupid enough to actually use this sniny new feature I'm creating, would they?"

Cheers,

b&
Title: Re: Networkable DSLRs trivially hacked
Post by: ahab1372 on March 26, 2013, 03:40:52 AM
You are right - people just want to use stuff (and there is nothing wrong with that) and the lack of security is not obvious if you don't happen to have some background knowledge.
I still wouldn't call it " hacked" - there is nothing to hack, everything seems wide open.
Title: Re: Networkable DSLRs trivially hacked
Post by: TrumpetPower! on March 26, 2013, 10:17:50 AM
You are right - people just want to use stuff (and there is nothing wrong with that) and the lack of security is not obvious if you don't happen to have some background knowledge.
I still wouldn't call it " hacked" - there is nothing to hack, everything seems wide open.

Oh, it's hacked, all right. It only seems open to you because you know what's involved in securing something like this. The average non-technical person, though...well, that just anybody can do anything with and to the camera without so much as a "May I?" or leaving a trace, that'll come as quite a shock.

And, if you watch the video, you'll see that the camera does have a bit of superficial obfuscation that will appear to a non-technical person exactly identical to full security. There're passwords, you have to "pair" with the camera, that sort of thing. Nothing even hints to the end user that none of these are any more substantial than the stanchion rope at the movie theatre.

Cheers,

b&
Title: EOS-1DX: Can be hacked into a spying device?
Post by: cayenne on March 26, 2013, 11:03:13 AM
Interesting article, about all the wifi we're putting into cameras, or the SD cards you can put in them (like Eye-fi)...and they appear to generally not be secure.

http://www.net-security.org/secworld.php?id=14651 (http://www.net-security.org/secworld.php?id=14651)

It seems we're in a hurry in the world to make everything wireless, from medical devices to cameras...yet, the time isn't being taken to secure or encrypt the transmissions.  Your own camera spying on you? Remote control heart attack by messing with someones pacemaker?

Anyway...thought it was interesting...food for thought.

cayenne
Title: Re: EOS-1DX: Can be hacked into a spying device?
Post by: Skirball on March 26, 2013, 01:17:12 PM
It seems we're in a hurry in the world to make everything wireless, from medical devices to cameras...yet, the time isn't being taken to secure or encrypt the transmissions.  Your own camera spying on you? Remote control heart attack by messing with someones pacemaker?

You need to stop watching so much Homeland and crime dramas.  And yes, I've read the articles and the crap spewed by Barnaby Jack, it's still just fodder for sensationalists.
Title: Re: Networkable DSLRs trivially hacked
Post by: cayenne on March 26, 2013, 01:35:31 PM

I'm not surprised. It doesn't even occur to people, even many computer programmers, that some random device needs any kind of security when you connect it to the Internet. I mean, who's going to want to hack a camera?


This is happening to a lot of things. Like I'd mentioned in my post, medical instrumentation for instance, those wireless signals are sent in the clear, and can be read, intercepted or corrupted by anyone with a little tech savvy.

And there is often the larger question of why.....because it CAN be done. If it is out there, someone will want to get into it, and often they will be up for finding new and 'creative' ways to use that access.

C
Title: Re: Networkable DSLRs trivially hacked
Post by: rpt on March 26, 2013, 01:47:08 PM
I have a simple strategy for somebody trying to hijack my camera: I did not buy the 1DX. I got the 5D3! ;)
Title: Re: Networkable DSLRs trivially hacked
Post by: TrumpetPower! on March 26, 2013, 02:33:30 PM
I have a simple strategy for somebody trying to hijack my camera: I did not buy the 1DX. I got the 5D3! ;)

Well, in fairness, the two are equally hackable. You need an expensive doohickey to enable WiFi on either. Granted, you don't need a doohickey to connect the 1DX to ethernet but you do for the 5DIII, but it's rare for people to physically plug into an insecure network these days. Not that it's a good idea to depend on the security of the network, of course!

But, anyway. My suggestion is to leave all networking of any kind completely turned off unless you have a known-secure physical environment...and that's very rare as far as wireless goes.

In the mean time, if you really need to wirelessly get the pictures to your editor, use a card reader on your laptop. And if you need to remotely control your camera for anything more than infrared shutter release, do it with a single wire physically connecting your camera to the remote control.

It's not as convenient as wireless, sure...but getting hacked is much more inconvenient still.

And, yes. There are people who'll randomly search for anything hackable within range. They won't target you; they'll just get their kicks screwing you over because they can and they like feeling superior as they teach a lesson to those stupid idiots dumb enough to connect a camera to a publicly-accessible network.

Been there, done that, didn't get the T-shirt. Not with cameras, obviously, but with a couple computers a decade and more ago. Believe me, it's not fun, not something you want to clean up after, and nowhere worth the convenience of not having to stretch a wire between your computer and the camera.

Cheers,

b&
Title: Re: Networkable DSLRs trivially hacked
Post by: c.d.embrey on March 26, 2013, 03:08:30 PM
I love paranoia!! Everything is a disaster just waiting to happen. The internet is great for passing along dis-information and fueling paranoia ... gota love the 'net.

!. Photo Journalists use their smart-phones, not public WiFi, to do their up-loading. Not a problem for a pro. If your not a pro I'm sure your milage does vary :)

2. My GoPro Hero3 has a name (to control multiple cameras) and is password protected. WOW, such Hi-Tech in a $400.00 camera.
Title: Re: Networkable DSLRs trivially hacked
Post by: TrumpetPower! on March 26, 2013, 03:31:53 PM
I love paranoia!! Everything is a disaster just waiting to happen. The internet is great for passing along dis-information and fueling paranoia ... gota love the 'net.

Mr. Pot, please to meet Mr. Kettle.

Quote
!. Photo Journalists use their smart-phones, not public WiFi, to do their up-loading. Not a problem for a pro. If your not a pro I'm sure your milage does vary :)

If you bothered to watch the video, you'd have seen where they showed, for example, a Reuters pool advertisement with most of the cameras with the WiFi module attached. I don't even know how you'd get the pictures from your camera to your smart phone, or why you'd bother.

Quote
2. My GoPro Hero3 has a name (to control multiple cameras) and is password protected. WOW, such Hi-Tech in a $400.00 camera.

Again, if you had bothered to watch the video, you'd have seen that, yes, the Canon cameras have a "username" and a "password." And a "session ID" and all sorts of other things that, by their names, you'd nominally think would offer security. Thing is, as one would expect from a company that's not yet been publicly burned by a lapse in security, it's all so much window dressing that doesn't even pretend, behind the scenes, to actually do anything to secure the camera.

I have no clue if the GoPro is any better or worse in this regard. If I had to guess, I'd suggest it's probably about the same.

And this isn't at all paranoia. There is a very long history of all sorts of nasty things happening from lack of security. Hell, it was even a major news story a few years back when poor security caused a vice presidential candidate to lose control over her email account, and there's constant stories of somebody famous's cell phone being hacked and the contact list making the news in the tabloids, all those sorts of things.

The only reason the tabloids aren't using this to steal photos off of each others's cameras is because it's so new that cameras have their own built-in WiFi hotspots that it's only now that it's occurring to people that maybe they haven't been secured.

I wouldn't at all be surprised if there's a story that makes the evening news sometime in the next six months about a camera being hacked using the exact flaws the researchers in the video have discovered. Probably sooner, now that the cat's out of the bag.

One thing I can guarantee you: no way, no how does Pete Souza have WiFi turned on on any of his cameras today.

Cheers,

b&
Title: Re: Networkable DSLRs trivially hacked
Post by: Skirball on March 26, 2013, 03:43:48 PM
I wouldn't at all be surprised if there's a story that makes the evening news sometime in the next six months about a camera being hacked using the exact flaws the researchers in the video have discovered. Probably sooner, now that the cat's out of the bag.

Would that be before, or after, the piece on the waterskiing squirrel?
Title: Re: Networkable DSLRs trivially hacked
Post by: c.d.embrey on March 26, 2013, 03:44:46 PM



If you bothered to watch the video, ...

Not a valid address.

Quote
Again, if you had bothered to watch the video,..

Again, not a valid address.

Have a nice say :)



Title: Re: EOS-1DX: Can be hacked into a spying device?
Post by: cayenne on March 26, 2013, 04:03:02 PM
It seems we're in a hurry in the world to make everything wireless, from medical devices to cameras...yet, the time isn't being taken to secure or encrypt the transmissions.  Your own camera spying on you? Remote control heart attack by messing with someones pacemaker?

You need to stop watching so much Homeland and crime dramas.  And yes, I've read the articles and the crap spewed by Barnaby Jack, it's still just fodder for sensationalists.

Hmm...I've never seen Homeland, and I'm going to have to Google who Barnaby Jack is after I post this....

But I do work in tech, and I do have work in the security areas, and know a bit about penetration testing. This all isn't just sensationalism.

C
Title: Re: Networkable DSLRs trivially hacked
Post by: TrumpetPower! on March 26, 2013, 04:03:20 PM
If you bothered to watch the video, ...

Not a valid address.

Sorry 'bout that. The Canon Rumors forum does weird things to links. I've just fixed it, but you also could have copy / pasted the text of the link....

b&
Title: Re: Networkable DSLRs trivially hacked
Post by: Rienzphotoz on March 26, 2013, 04:13:37 PM
Interesting, thanks for sharing ... but, if I am not wrong, I don't think most photographers would be concerned with it.
I use 5D MK III with CamRanger for my WiFi needs and it is secured with a password, so me not worried  ;D
Title: Re: Networkable DSLRs trivially hacked
Post by: bvukich on March 26, 2013, 04:35:53 PM
Correct video link:
Shmoocon 2013 - Paparazzi Over IP (http://www.youtube.com/watch?v=u7RjJNLnWF8#)
Title: Re: Networkable DSLRs trivially hacked
Post by: cayenne on March 26, 2013, 09:29:11 PM
Interesting, thanks for sharing ... but, if I am not wrong, I don't think most photographers would be concerned with it.
I use 5D MK III with CamRanger for my WiFi needs and it is secured with a password, so me not worried  ;D
Well, I'm curious if that password makes for an encrypted connection...or not?

If not, would be trivial to do a man-in-the-middle attack, and gain info and access....