UPDATE 3 – 21/11/19: Canon Japan has released a further ten countermeasure firmware updates for affected cameras via its Japanese website, and identified three newly released cameras since the security alert was issued that are also at risk: the Canon EOS 77D, M6 Mark II and M2. The new firmware and newly affected cameras have been updated below.
UPDATE 2 – 16/09/19: Canon has released firmware updates for seven additional cameras (updated below), and issued guidelines on how to protect against attack.
UPDATE 1 – 31/08/19: Following our initial story, we reached out to each of the major camera manufacturers for their response. At present, two of the brands have sent official statements.
Canon: "We are planning to release corrected firmware for each model identified on our site but at this point I don’t have any further information on timings."
Olympus: "We are currently investigating the effects on our products. As soon as we know the details, we will take necessary action in order to ensure that our customers can use our products safely."
We also conferred with Check Point, which confirmed that all cameras using the protocol in question could be affected – not just Canon.
"We focused on Canon as a test case, as they have the largest market share. However, the Picture Transfer Protocol is standardized and supported by all digital cameras, regardless of the vendor," said Check Point researcher, Eyal Itkin.
"While the Canon EOS 80D was the one tested in this demonstration, we do believe that similar implementation vulnerabilities could be found in other vendors as well, potentially leading to the same critical results in any digital camera."
ORIGINAL STORY: In a serious cybersecurity alert, 30 Canon cameras have been found susceptible to critical vulnerabilities via both Wi-Fi and USB connections.
The affected camera models are at risk of being infected by ransomware and malware, whereby cyber-attackers can hold photographs and videos taken on the camera to ransom.
The vulnerabilities were discovered by cybersecurity firm Check Point, which alerted Canon about the problem affecting every product category across its mirrorless, DSLR and compact camera lines.
Check Point singled out the Canon EOS 80D, releasing a video demonstrating how easy it is to exploit holes in the standard Picture Transfer Protocol (used to transfer files from cameras to PCs) to infect the camera and computer.
Given that the protocol is standardized and embedded in other camera brands, Check Point believes similar vulnerabilities can be found in cameras from other vendors as well. As such, we recommend visiting the support section of the website for your camera to see if a firmware update is available.
Canon immediately released a product advisory, along with a firmware update for the 80D. It also confirmed that 33 of its cameras are similarly susceptible to attack, from professional bodies like the Canon EOS 1-DX Mark II to the Canon EOS R to the Canon PowerShot G5X Mark II.
The affected Canon products – for which the manufacturer will issue firmware updates to patch the issue – are as follows:
Canon EOS-1D X (Version 1.2.1 is available for download)
Canon EOS-1D X Mark II (Version 1.1.7 is available for download)
Canon EOS-1D C (Version 1.4.2 is available for download)
Canon EOS 5D Mark III (Version 1.3.6 is available for download)
Canon EOS 5D Mark IV (Version 1.2.1 is available for download)
Canon EOS 5DS (Version 1.1.3 is available for download)
Canon EOS 5DS R (Version 1.1.3 is available for download)
Canon EOS 6D (Version 1.1.9 from Canon Japan)
Canon EOS 6D Mark II (Version 1.0.5 from Canon Japan)
Canon EOS 7D Mark II (Version 1.1.3 from Canon Japan)
Canon EOS 70D (Version 1.1.3 from Canon Japan)
Canon EOS 80D (Version 1.0.3 is available for download)
Canon EOS M10
Canon EOS M100
Canon EOS M3
Canon EOS M5
Canon EOS M50 / Kiss M (Version 1.0.3 from Canon Japan)
Canon EOS M6
Canon EOS R
Canon EOS RP
Canon EOS Rebel SL2 / 200D / Kiss X9
Canon EOS Rebel SL3 / 250D / Kiss X10 (Version 1.0.2 from Canon Japan)
Canon EOS Rebel T6 / 1300D / Kiss X80
Canon EOS Rebel T6i / 750D / Kiss X8i
Canon EOS Rebel T6s / 760D / 8000D (Version 1.0.1 from Canon Japan)
Canon EOS Rebel T7 / 2000D / Kiss X90
Canon EOS Rebel T7i / 800D / Kiss X9i
Canon PowerShot G5 X Mark II
Canon PowerShot SX70 HS (Version 1.1.1 from Canon Japan)
Canon PowerShot SX740 HS (Version 1.0.2 from Canon Japan)
Newly affected models as of 21 November 2019:
Canon EOS 77D / 9000D
Canon EOS M6 Mark II (Version 1.0.1 from Canon Japan)
Canon EOS M2
“Any ‘smart’ device, including
DSLR cameras, are susceptible to attacks,” said Eyal Itkin, Security Researcher, Check Point Software Technologies. “Cameras are no longer just connected via USB, but to WiFi networks and their surrounding environment.
"This makes them more vulnerable to threats as attackers can inject ransomware into both the camera and PC it is connected to. Hackers could then hold peoples’ precious photos and videos hostage until the user pays a ransom for them to be released.”
Canon is keen to stress that there have been no cases thus far where the vulnerabilities have resulted in malicious activity:
"At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm, but in order to ensure that our customers can use our products securely, we would like to inform you of the following workarounds for this issue."
Again, we should stress that this is not necessarily a Canon-specific issue, as it is the Picture Transfer Protocol itself (rather than the cameras) that exhibits the security flaw. Photographers should remain vigilant and check for security updates from the manufacturers of their equipment.
Full technical details of the investigation can be found on the Check Point website.