UPDATE 2 – 16/09/19: Canon has released firmware updates for seven additional cameras (updated below), and issued guidelines on how to protect against attack.
UPDATE 1 – 31/08/19: Following our initial story, we reached out to each of the major camera manufacturers for their response. At present, two of the brands have sent official statements.
Canon: "We are planning to release corrected firmware for each model identified on our site but at this point I don’t have any further information on timings."
Olympus: "We are currently investigating the effects on our products. As soon as we know the details, we will take necessary action in order to ensure that our customers can use our products safely."
We also conferred with Check Point, which confirmed that all cameras using the protocol in question could be affected – not just Canon.
"We focused on Canon as a test case, as they have the largest market share. However, the Picture Transfer Protocol is standardized and supported by all digital cameras, regardless of the vendor," said Check Point researcher, Eyal Itkin.
"While the Canon EOS 80D was the one tested in this demonstration, we do believe that similar implementation vulnerabilities could be found in other vendors as well, potentially leading to the same critical results in any digital camera."
ORIGINAL STORY: In a serious cybersecurity alert, 30 Canon cameras have been found susceptible to critical vulnerabilities via both Wi-Fi and USB connections.
The affected camera models are at risk of being infected by ransomware and malware, whereby cyber-attackers can hold photographs and videos taken on the camera to ransom.
The vulnerabilities were discovered by cybersecurity firm Check Point, which alerted Canon about the problem affecting every product category across its mirrorless, DSLR and compact camera lines.
Check Point singled out the Canon EOS 80D, releasing a video demonstrating how easy it is to exploit holes in the standard Picture Transfer Protocol (used to transfer files from cameras to PCs) to infect the camera and computer.
Given that the protocol is standardized and embedded in other camera brands, Check Point believes similar vulnerabilities can be found in cameras from other vendors as well. As such, we recommend visiting the support section of the website for your camera to see if a firmware update is available.
Canon immediately released a product advisory, along with a firmware update for the 80D. It also confirmed that 30 of its cameras are similarly susceptible to attack, from professional bodies like the Canon EOS 1-DX Mark II to the Canon EOS R to the Canon PowerShot G5X Mark II.
The affected Canon products – for which the manufacturer will issue firmware updates to patch the issue – are as follows:
Canon EOS-1D X (Version 1.2.1 is available for download)
Canon EOS-1D X Mark II (Version 1.1.7 is available for download)
Canon EOS-1D C (Version 1.4.2 is available for download)
Canon EOS 5D Mark III (Version 1.3.6 is available for download)
Canon EOS 5D Mark IV (Version 1.2.1 is available for download)
Canon EOS 5DS (Version 1.1.3 is available for download)
Canon EOS 5DS R (Version 1.1.3 is available for download)
Canon EOS 6D
Canon EOS 6D Mark II
Canon EOS 7D Mark II
Canon EOS 70D
Canon EOS 80D (Version 1.0.3 is available for download)
Canon EOS M10
Canon EOS M100
Canon EOS M3
Canon EOS M5
Canon EOS M50
Canon EOS M6
Canon EOS R
Canon EOS RP
Canon EOS Rebel SL2
Canon EOS Rebel SL3
Canon EOS Rebel T6
Canon EOS Rebel T6i
Canon EOS Rebel T6s
Canon EOS Rebel T7
Canon EOS Rebel T7I
Canon PowerShot G5X Mark II
Canon PowerShot SX70 HS
Canon PowerShot SX740 HS
“Any ‘smart’ device, including
DSLR cameras, are susceptible to attacks,” said Eyal Itkin, Security Researcher, Check Point Software Technologies. “Cameras are no longer just connected via USB, but to WiFi networks and their surrounding environment.
"This makes them more vulnerable to threats as attackers can inject ransomware into both the camera and PC it is connected to. Hackers could then hold peoples’ precious photos and videos hostage until the user pays a ransom for them to be released.”
Canon is keen to stress that there have been no cases thus far where the vulnerabilities have resulted in malicious activity:
"At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm, but in order to ensure that our customers can use our products securely, we would like to inform you of the following workarounds for this issue."
Again, we should stress that this is not necessarily a Canon-specific issue, as it is the Picture Transfer Protocol itself (rather than the cameras) that exhibits the security flaw. Photographers should remain vigilant and check for security updates from the manufacturers of their equipment.
Full technical details of the investigation can be found on the Check Point website.