July 30, 2014, 04:28:46 PM

Author Topic: Networkable DSLRs trivially hacked  (Read 3747 times)

TrumpetPower!

  • 1D Mark IV
  • ******
  • Posts: 951
    • View Profile
Re: Networkable DSLRs trivially hacked
« Reply #15 on: March 26, 2013, 02:33:30 PM »
I have a simple strategy for somebody trying to hijack my camera: I did not buy the 1DX. I got the 5D3! ;)

Well, in fairness, the two are equally hackable. You need an expensive doohickey to enable WiFi on either. Granted, you don't need a doohickey to connect the 1DX to ethernet but you do for the 5DIII, but it's rare for people to physically plug into an insecure network these days. Not that it's a good idea to depend on the security of the network, of course!

But, anyway. My suggestion is to leave all networking of any kind completely turned off unless you have a known-secure physical environment...and that's very rare as far as wireless goes.

In the mean time, if you really need to wirelessly get the pictures to your editor, use a card reader on your laptop. And if you need to remotely control your camera for anything more than infrared shutter release, do it with a single wire physically connecting your camera to the remote control.

It's not as convenient as wireless, sure...but getting hacked is much more inconvenient still.

And, yes. There are people who'll randomly search for anything hackable within range. They won't target you; they'll just get their kicks screwing you over because they can and they like feeling superior as they teach a lesson to those stupid idiots dumb enough to connect a camera to a publicly-accessible network.

Been there, done that, didn't get the T-shirt. Not with cameras, obviously, but with a couple computers a decade and more ago. Believe me, it's not fun, not something you want to clean up after, and nowhere worth the convenience of not having to stretch a wire between your computer and the camera.

Cheers,

b&

canon rumors FORUM

Re: Networkable DSLRs trivially hacked
« Reply #15 on: March 26, 2013, 02:33:30 PM »

c.d.embrey

  • 7D
  • *****
  • Posts: 395
    • View Profile
Re: Networkable DSLRs trivially hacked
« Reply #16 on: March 26, 2013, 03:08:30 PM »
I love paranoia!! Everything is a disaster just waiting to happen. The internet is great for passing along dis-information and fueling paranoia ... gota love the 'net.

!. Photo Journalists use their smart-phones, not public WiFi, to do their up-loading. Not a problem for a pro. If your not a pro I'm sure your milage does vary :)

2. My GoPro Hero3 has a name (to control multiple cameras) and is password protected. WOW, such Hi-Tech in a $400.00 camera.

TrumpetPower!

  • 1D Mark IV
  • ******
  • Posts: 951
    • View Profile
Re: Networkable DSLRs trivially hacked
« Reply #17 on: March 26, 2013, 03:31:53 PM »
I love paranoia!! Everything is a disaster just waiting to happen. The internet is great for passing along dis-information and fueling paranoia ... gota love the 'net.

Mr. Pot, please to meet Mr. Kettle.

Quote
!. Photo Journalists use their smart-phones, not public WiFi, to do their up-loading. Not a problem for a pro. If your not a pro I'm sure your milage does vary :)

If you bothered to watch the video, you'd have seen where they showed, for example, a Reuters pool advertisement with most of the cameras with the WiFi module attached. I don't even know how you'd get the pictures from your camera to your smart phone, or why you'd bother.

Quote
2. My GoPro Hero3 has a name (to control multiple cameras) and is password protected. WOW, such Hi-Tech in a $400.00 camera.

Again, if you had bothered to watch the video, you'd have seen that, yes, the Canon cameras have a "username" and a "password." And a "session ID" and all sorts of other things that, by their names, you'd nominally think would offer security. Thing is, as one would expect from a company that's not yet been publicly burned by a lapse in security, it's all so much window dressing that doesn't even pretend, behind the scenes, to actually do anything to secure the camera.

I have no clue if the GoPro is any better or worse in this regard. If I had to guess, I'd suggest it's probably about the same.

And this isn't at all paranoia. There is a very long history of all sorts of nasty things happening from lack of security. Hell, it was even a major news story a few years back when poor security caused a vice presidential candidate to lose control over her email account, and there's constant stories of somebody famous's cell phone being hacked and the contact list making the news in the tabloids, all those sorts of things.

The only reason the tabloids aren't using this to steal photos off of each others's cameras is because it's so new that cameras have their own built-in WiFi hotspots that it's only now that it's occurring to people that maybe they haven't been secured.

I wouldn't at all be surprised if there's a story that makes the evening news sometime in the next six months about a camera being hacked using the exact flaws the researchers in the video have discovered. Probably sooner, now that the cat's out of the bag.

One thing I can guarantee you: no way, no how does Pete Souza have WiFi turned on on any of his cameras today.

Cheers,

b&

Skirball

  • Canon 70D
  • ****
  • Posts: 313
    • View Profile
Re: Networkable DSLRs trivially hacked
« Reply #18 on: March 26, 2013, 03:43:48 PM »
I wouldn't at all be surprised if there's a story that makes the evening news sometime in the next six months about a camera being hacked using the exact flaws the researchers in the video have discovered. Probably sooner, now that the cat's out of the bag.

Would that be before, or after, the piece on the waterskiing squirrel?

c.d.embrey

  • 7D
  • *****
  • Posts: 395
    • View Profile
Re: Networkable DSLRs trivially hacked
« Reply #19 on: March 26, 2013, 03:44:46 PM »



If you bothered to watch the video, ...

Not a valid address.

Quote
Again, if you had bothered to watch the video,..

Again, not a valid address.

Have a nice say :)




cayenne

  • 1D X
  • *******
  • Posts: 1201
    • View Profile
Re: EOS-1DX: Can be hacked into a spying device?
« Reply #20 on: March 26, 2013, 04:03:02 PM »
It seems we're in a hurry in the world to make everything wireless, from medical devices to cameras...yet, the time isn't being taken to secure or encrypt the transmissions.  Your own camera spying on you? Remote control heart attack by messing with someones pacemaker?

You need to stop watching so much Homeland and crime dramas.  And yes, I've read the articles and the crap spewed by Barnaby Jack, it's still just fodder for sensationalists.

Hmm...I've never seen Homeland, and I'm going to have to Google who Barnaby Jack is after I post this....

But I do work in tech, and I do have work in the security areas, and know a bit about penetration testing. This all isn't just sensationalism.

C

TrumpetPower!

  • 1D Mark IV
  • ******
  • Posts: 951
    • View Profile
Re: Networkable DSLRs trivially hacked
« Reply #21 on: March 26, 2013, 04:03:20 PM »
If you bothered to watch the video, ...

Not a valid address.

Sorry 'bout that. The Canon Rumors forum does weird things to links. I've just fixed it, but you also could have copy / pasted the text of the link....

b&

canon rumors FORUM

Re: Networkable DSLRs trivially hacked
« Reply #21 on: March 26, 2013, 04:03:20 PM »

Rienzphotoz

  • Canon EF 300mm f/2.8L IS II
  • *******
  • Posts: 3321
  • Peace unto all ye Canon, Nikon & Sony shooters
    • View Profile
Re: Networkable DSLRs trivially hacked
« Reply #22 on: March 26, 2013, 04:13:37 PM »
Interesting, thanks for sharing ... but, if I am not wrong, I don't think most photographers would be concerned with it.
I use 5D MK III with CamRanger for my WiFi needs and it is secured with a password, so me not worried  ;D
Canon 5DMK3 70D | Nikon D610 | Sony a7 a6000 | RX100M3 | 16-35/2.8LII | 70-200/2.8LISII | 100/2.8LIS | 100-400LIS | 40/2.8 | 50/1.4 | 85/1.8 | 600EX-RTx2 | ST-E3-RT | 24/3.5 T-S | 10-18/4 OSS 16-50 | 24-70/4OSS | 55/1.8 | 55-210 OSS | 70-200/4 OSS | 28-300VR | HVL-F43M | GoPro Black 3+ & DJI Phantom

bvukich

  • Spam Assassin
  • Administrator
  • 5D Mark III
  • *****
  • Posts: 726
    • View Profile
    • My (sparse) ZenFolio Site
Re: Networkable DSLRs trivially hacked
« Reply #23 on: March 26, 2013, 04:35:53 PM »
Correct video link:
Shmoocon 2013 - Paparazzi Over IP Small | Large

cayenne

  • 1D X
  • *******
  • Posts: 1201
    • View Profile
Re: Networkable DSLRs trivially hacked
« Reply #24 on: March 26, 2013, 09:29:11 PM »
Interesting, thanks for sharing ... but, if I am not wrong, I don't think most photographers would be concerned with it.
I use 5D MK III with CamRanger for my WiFi needs and it is secured with a password, so me not worried  ;D
Well, I'm curious if that password makes for an encrypted connection...or not?

If not, would be trivial to do a man-in-the-middle attack, and gain info and access....

canon rumors FORUM

Re: Networkable DSLRs trivially hacked
« Reply #24 on: March 26, 2013, 09:29:11 PM »