
Canon issues firmware for EOS-1D and 5D cameras at risk of malware attack


In the wake of last month's report that 30 Canon cameras are at risk of malware attack, the manufacturer has issued firmware updates for two of its key product lines, encompassing the popular Canon EOS 5D Mark IV and 1D X Mark II.

These updates should protect users of current 1D and 5D systems from the security threat, which also potentially impacts every camera that uses the popular Picture Transfer Protocol (PTP). 

• Read more: Security alert issued – 30 cameras at risk of malware attack

"An international team of security researchers has drawn our attention to a vulnerability related to communications via the Picture Transfer Protocol (PTP), which is used by Canon digital cameras, as well as a vulnerability related to firmware updates," notes the manufacturer.

"Due to these vulnerabilities, the potential exists for third-party attack on the camera if the camera is connected to a PC or mobile device that has been hijacked through an unsecured network."

The Canon EOS 5D Mark IV has been patched, but other cameras remain vulnerable – especially over Wi-Fi


Canon has now released firmware for the following cameras to address the issue:

Canon EOS-1D X (Version 1.2.1 is available for download)
Canon EOS-1D X Mark II (Version 1.1.7 is available for download)
Canon EOS-1D C (Version 1.4.2 is available for download)
Canon EOS 5D Mark III (Version 1.3.6 is available for download)
Canon EOS 5D Mark IV (Version 1.2.1 is available for download)
Canon EOS 5DS (Version 1.1.3 is available for download)
Canon EOS 5DS R (Version 1.1.3 is available for download)
Canon EOS 80D (Version 1.0.3 is available for download – already released)

The following affected cameras are currently awaiting firmware corrections:

Canon EOS 6D
Canon EOS 6D Mark II
Canon EOS 7D Mark II 
Canon EOS 70D
Canon EOS M10
Canon EOS M100
Canon EOS M3
Canon EOS M5
Canon EOS M50
Canon EOS M6
Canon EOS R
Canon EOS RP
Canon EOS Rebel SL2
Canon EOS Rebel SL3
Canon EOS Rebel T6
Canon EOS Rebel T6i
Canon EOS Rebel T6s
Canon EOS Rebel T7
Canon EOS Rebel T7i
Canon PowerShot G5X Mark II
Canon PowerShot SX70 HS
Canon PowerShot SX740 HS

As discussed in our earlier story, this is not a Canon-specific issue – any camera that uses PTP is potentially affected by the same security risk.

"While the Canon EOS 80D was the one tested in this demonstration, we do believe that similar implementation vulnerabilities could be found in other vendors as well, potentially leading to the same critical results in any digital camera," we were told by Eyal Itkin, researcher for Check Point, which discovered the vulnerabilities.

At present, there have been no confirmed reports of malicious activity or attacks due to the security holes in the PTP. However, Canon has issued a number of workarounds – which should also help protect users of any affected camera, Canon or otherwise:

  • Ensure the suitability of security-related settings of the devices connected to the camera, such as the PC, mobile device, and router being used.
  • Do not connect the camera to a PC or mobile device that is being used in an unsecure network, such as in a free Wi-Fi environment.
  • Do not connect the camera to a PC or mobile device that is potentially exposed to virus infections.
  • Disable the camera’s network functions when they are not being used.
  • Download the official firmware from Canon’s website when performing a camera firmware update.


The editor of Digital Camera World, James has 21 years' experience as a magazine and web journalist and started working in the photographic industry in 2014 (as an assistant to Damian McGillicuddy, who succeeded David Bailey as Principal Photographer for Olympus). In this time he shot for clients as diverse as Aston Martin Racing, Elinchrom and L'Oréal, in addition to shooting campaigns and product testing for Olympus, and providing training for professionals. This has led him to being a go-to expert for camera and lens reviews, photographic and lighting tutorials, as well as industry analysis, news and rumors for publications such as Digital Camera Magazine, PhotoPlus: The Canon Magazine, N-Photo: The Nikon Magazine, Digital Photographer and Professional Imagemaker, as well as hosting workshops and demonstrations at The Photography Show. An Olympus and Canon shooter, he has a wealth of knowledge on cameras of all makes – and a fondness for vintage lenses and instant cameras.