July 28, 2014, 05:16:10 AM

Author Topic: Networkable DSLRs trivially hacked  (Read 3732 times)

TrumpetPower!

  • 1D Mark IV
  • ******
  • Posts: 951
    • View Profile
Networkable DSLRs trivially hacked
« on: March 25, 2013, 11:29:18 PM »
Here're a couple security researchers giving an hour-long presentation at Shmoocon. They demonstrate that the 1Dx is basically an open sieve when it comes to security.

Small | Large


If you turn on WiFi or plug in a network cable to your DSLR, basically anybody can do anything they way to it. Read all the pictures off the card; upload whatever they want to the camera (think of somebody uploading something really nasty and then tipping off the police officer standing right over there); even turn the camera into a remote surveillance device without your knowledge.

I'm sure Canon will fix this; they won't have any choice. I'm also sure it'll take a while, and that they won't get it right the first or even the umpteenth time. That's just the way that big companies new to networking react...they'll ignore it for a while, then grudgingly make a half-assed attempt at fixing things that won't do anything, and eventually reach a state where there're constant minor updates to stay on top of with the odd more major one just to keep things interesting.

But, in the mean time, you would be well advised to only turn on WiFi in areas where there is no possibility of anybody hostile being within physical range of your camera's WiFi signal. Similarly, only plug the camera's ethernet cable into a secured and trusted network fully firewalled from the Internet.

It's a same, because I was just thinking of how neat all this WiFi control stuff could be. Ah, well. Some day....

Cheers,

b&
« Last Edit: March 26, 2013, 04:00:44 PM by TrumpetPower! »

canon rumors FORUM

Networkable DSLRs trivially hacked
« on: March 25, 2013, 11:29:18 PM »

cookinghusband

  • Power Shot G16
  • **
  • Posts: 33
    • View Profile
Re: Networkable DSLRs trivially hacked
« Reply #1 on: March 25, 2013, 11:56:29 PM »
I want to do all the above to my 1d

I guess the existing setup make it simple to user to connect it to the network

User just need to secure their network instead of a camera,

I like this link

interested to control my camera via a camera from a long distant

The most Canon ned to do is to let user have a password for camera use for network access.

but I much prefer with out password
« Last Edit: March 26, 2013, 12:01:53 AM by cookinghusband »

TrumpetPower!

  • 1D Mark IV
  • ******
  • Posts: 951
    • View Profile
Re: Networkable DSLRs trivially hacked
« Reply #2 on: March 26, 2013, 12:09:27 AM »
User just need to secure their network instead of a camera,

Easier said than done. How're you supposed to secure the public WiFi at the Starbuck's?

Quote
interested to control my camera via a camera from a long distant

You can do that today already, assuming you can control it from the network in the first place.

Problem is...so can anybody else....

b&

ahab1372

  • 7D
  • *****
  • Posts: 327
    • View Profile
Re: Networkable DSLRs trivially hacked
« Reply #3 on: March 26, 2013, 12:22:58 AM »
I'm just surprised how people think this is a scandal of some kind. Canon added network features to the camera, it never occurred to me that the cameras were intended to be internet-ready.
It is nice to be able to connect the camera to a private Ethernet network, or an ad-hoc network to your phone, but that's it. Connecting to the public wifi at Starbicks? Not what it is made for.

TrumpetPower!

  • 1D Mark IV
  • ******
  • Posts: 951
    • View Profile
Re: Networkable DSLRs trivially hacked
« Reply #4 on: March 26, 2013, 12:33:33 AM »
Connecting to the public wifi at Starbicks? Not what it is made for.

Problem is, that's going to be the very first thought of every photojournalist of any type. Or, if not Starbucks, then the hotel's WiFi, or the public (or quasi-public) WiFi at the stadium, or whatever.

And, arguably, that's exactly what it's made for. Shoot your assignment and dump all your pictures to the editor's desk before you leave the venue, and they get published before the event's even over.

And why not?

I'm not surprised. It doesn't even occur to people, even many computer programmers, that some random device needs any kind of security when you connect it to the Internet. I mean, who's going to want to hack a camera?

The answer?

Everybody at the next Red Carpet affair looking for a wardrobe malfunction, everybody with a grudge against a photographer who'd just love to see the police catch her red-handed with some kiddie porn, everybody who'd like to see the live view feed from that supposedly-off camera in the locker room.

These cameras could have been secured, right from the get-go. And they should have been, too. But, again, I'm not at all surprised that they're not...indeed, it would have been naïve to have expected otherwise.

Hell, just the fact that they include a built-in FTP (as opposed to SFTP) client should have been the big tip-off right there....

Cheers,

b&

ahab1372

  • 7D
  • *****
  • Posts: 327
    • View Profile
Re: Networkable DSLRs trivially hacked
« Reply #5 on: March 26, 2013, 01:18:05 AM »
I never saw it that way because of the built in FTP server. Does it even connect to another server? Http/s, webDav? I might have missed some features, but I figured the camera just doesn't have features to actively connect to another server, so why connect it to the Internet?
The scenario you describe does make sense, but canon didn't go all the way (unless I missed some features, as I said)

TrumpetPower!

  • 1D Mark IV
  • ******
  • Posts: 951
    • View Profile
Re: Networkable DSLRs trivially hacked
« Reply #6 on: March 26, 2013, 01:32:03 AM »
I never saw it that way because of the built in FTP server. Does it even connect to another server?

First, it varies from model to model.

But the 1Dx has a built-in FTP client that will connect to a remote server. With all of the lack of security of FTP that's been universally known about for at least three decades, now -- meaning that basically everything the client and server have to say to each other is entirely public. If you do anything with FTP, you should assume that everybody on the same network has your username and password along with a copy of all data that you transmit. And you shouldn't even assume that the server the client is talking to is the one you think you're talking to...it's trivial to convince an FTP client to think that the attacker's server is the real deal.

In addition to that, the 1Dx has three other network modes, including a trivially-hacked Web server (not client) that gives you nearly full access to the camera, and a proprietary control mode that gives you so much control over the camera that you can even lock out the user of the camera from doing anything, leaving them with only the option of pulling the battery -- all while the attacker remains full control over everything but the zoom ring and the direction the camera's pointed in.

The 6D is likely very similar, except its WiFi is built in whereas the WiFi on the 1Dx requires an extra doohickey. I think the 5DIII with the WiFi doohickey is basically the same as the 1Dx.

The researchers in the video didn't investigate Nikon's vulnerability, but I'd be surprised if it's much different from the Canon. Maybe it is, but this sort of thing just hasn't been on anybody's radar, and it'd be uncharacteristic of a big company to even realize the potential for mayhem before somebody rubs their noses in it.

Cheers,

b&

canon rumors FORUM

Re: Networkable DSLRs trivially hacked
« Reply #6 on: March 26, 2013, 01:32:03 AM »

ahab1372

  • 7D
  • *****
  • Posts: 327
    • View Profile
Re: Networkable DSLRs trivially hacked
« Reply #7 on: March 26, 2013, 01:43:54 AM »
You are right, it does have an FTP client, among other things. When I read "FTP" when it was first announced, instead of FTPs or https I thought it was pretty obvious that it was not designed for Internet or public networks. Rudimentary network capabilities, not more. I was just surprised this was published as major discovery of a security whole. I thought it was pretty obvious.
Would have been nice for sure for some or many users if they had added a bit more. Next round maybe ;-)

TrumpetPower!

  • 1D Mark IV
  • ******
  • Posts: 951
    • View Profile
Re: Networkable DSLRs trivially hacked
« Reply #8 on: March 26, 2013, 01:52:10 AM »
You are right, it does have an FTP client, among other things. When I read "FTP" when it was first announced, instead of FTPs or https I thought it was pretty obvious that it was not designed for Internet or public networks. Rudimentary network capabilities, not more. I was just surprised this was published as major discovery of a security whole. I thought it was pretty obvious.
Would have been nice for sure for some or many users if they had added a bit more. Next round maybe ;-)

It's just that kind of thinking that leads to this being a problem in the first place.

I'm sure the programmers at Canon thought the same as you -- that it'd be obvious that this is just a neat add-on for people to use on their trusted LANs to save plugging the card into the card reader, and nothing more, and that nobody would be stupid enough to attach their $6,000 camera to a public WiFi hotspot.

But the marketing types, and especially the non-programmer end users...well, the "you'd have to be stupid to use this" doesn't even register, let alone make sense. Their first thought -- and rightly so -- is, "Cool! Now I can use my camera just like I already use my iPhone and everything else I have with WiFi! Just think of all the weird places I can go and still get my pictures back to the office immediately!"

And there's no reason why they shouldn't be able to. Securing these kinds of devices isn't hard; you just have to follow some basic best-practices.

Except, of course, it's impossible to do if the programmers have the mindset of, "Well, nobody would really be stupid enough to actually use this sniny new feature I'm creating, would they?"

Cheers,

b&

ahab1372

  • 7D
  • *****
  • Posts: 327
    • View Profile
Re: Networkable DSLRs trivially hacked
« Reply #9 on: March 26, 2013, 03:40:52 AM »
You are right - people just want to use stuff (and there is nothing wrong with that) and the lack of security is not obvious if you don't happen to have some background knowledge.
I still wouldn't call it " hacked" - there is nothing to hack, everything seems wide open.

TrumpetPower!

  • 1D Mark IV
  • ******
  • Posts: 951
    • View Profile
Re: Networkable DSLRs trivially hacked
« Reply #10 on: March 26, 2013, 10:17:50 AM »
You are right - people just want to use stuff (and there is nothing wrong with that) and the lack of security is not obvious if you don't happen to have some background knowledge.
I still wouldn't call it " hacked" - there is nothing to hack, everything seems wide open.

Oh, it's hacked, all right. It only seems open to you because you know what's involved in securing something like this. The average non-technical person, though...well, that just anybody can do anything with and to the camera without so much as a "May I?" or leaving a trace, that'll come as quite a shock.

And, if you watch the video, you'll see that the camera does have a bit of superficial obfuscation that will appear to a non-technical person exactly identical to full security. There're passwords, you have to "pair" with the camera, that sort of thing. Nothing even hints to the end user that none of these are any more substantial than the stanchion rope at the movie theatre.

Cheers,

b&

cayenne

  • 1D X
  • *******
  • Posts: 1201
    • View Profile
EOS-1DX: Can be hacked into a spying device?
« Reply #11 on: March 26, 2013, 11:03:13 AM »
Interesting article, about all the wifi we're putting into cameras, or the SD cards you can put in them (like Eye-fi)...and they appear to generally not be secure.

http://www.net-security.org/secworld.php?id=14651

It seems we're in a hurry in the world to make everything wireless, from medical devices to cameras...yet, the time isn't being taken to secure or encrypt the transmissions.  Your own camera spying on you? Remote control heart attack by messing with someones pacemaker?

Anyway...thought it was interesting...food for thought.

cayenne

Skirball

  • Canon 70D
  • ****
  • Posts: 313
    • View Profile
Re: EOS-1DX: Can be hacked into a spying device?
« Reply #12 on: March 26, 2013, 01:17:12 PM »
It seems we're in a hurry in the world to make everything wireless, from medical devices to cameras...yet, the time isn't being taken to secure or encrypt the transmissions.  Your own camera spying on you? Remote control heart attack by messing with someones pacemaker?

You need to stop watching so much Homeland and crime dramas.  And yes, I've read the articles and the crap spewed by Barnaby Jack, it's still just fodder for sensationalists.

canon rumors FORUM

Re: EOS-1DX: Can be hacked into a spying device?
« Reply #12 on: March 26, 2013, 01:17:12 PM »

cayenne

  • 1D X
  • *******
  • Posts: 1201
    • View Profile
Re: Networkable DSLRs trivially hacked
« Reply #13 on: March 26, 2013, 01:35:31 PM »

I'm not surprised. It doesn't even occur to people, even many computer programmers, that some random device needs any kind of security when you connect it to the Internet. I mean, who's going to want to hack a camera?


This is happening to a lot of things. Like I'd mentioned in my post, medical instrumentation for instance, those wireless signals are sent in the clear, and can be read, intercepted or corrupted by anyone with a little tech savvy.

And there is often the larger question of why.....because it CAN be done. If it is out there, someone will want to get into it, and often they will be up for finding new and 'creative' ways to use that access.

C

rpt

  • Canon EF 300mm f/2.8L IS II
  • *******
  • Posts: 2119
  • Could not wait for 7D2 so I got the 5D3
    • View Profile
Re: Networkable DSLRs trivially hacked
« Reply #14 on: March 26, 2013, 01:47:08 PM »
I have a simple strategy for somebody trying to hijack my camera: I did not buy the 1DX. I got the 5D3! ;)

canon rumors FORUM

Re: Networkable DSLRs trivially hacked
« Reply #14 on: March 26, 2013, 01:47:08 PM »