Hackers can now encrypt your DSLR

Comments

  • Ton14Ton14 Posts: 450Member
    edited August 12
    Yep @Killerbob , this is the WiFi connection. Vulnerabilities everywhere, this will not be the last one. Phones with the Qualcomm 835 and 845 can be hacked via WiFi also, August Android security patch is on the way now, they know this one already for a year.

    This is the reason why I never use the WiFi on my phone, only the data connection. Waiting for the moment that hackers can switch my WiFi on .... pffffff .....

    Disclosure Timeline

    31 March 2019 – Vulnerabilities were reported to Canon.
    14 May 2019 – Canon confirmed all of our vulnerabilities.
    From this point onward, both parties worked together to patch the vulnerabilities.
    08 July 2019 – We verified and approved Canon’s patch.
    06 August 2019 – Canon published the patch as part of an official security advisory.

    The relevant Common Vulnerabilities and Exposures (CVE) information is now also known;

    - CVE-2019-5994
    - CVE-2019-5995
    etc.

    The original article provides an interesting insight into how each CPU contributes to successfully infecting the EOS 80d. Canon send e-mails to there customers with a firmware update.
    Post edited by Ton14 on
    User Ton changed to Ton14, Google sign in did not work anymore
  • PB_PMPB_PM Posts: 4,005Member
    Solution is simple, leave the WIFI turned off.
    If I take a good photo it's not my camera's fault.
  • PB_PMPB_PM Posts: 4,005Member
    edited August 13
    Ton14 said:


    This is the reason why I never use the WiFi on my phone, only the data connection. Waiting for the moment that hackers can switch my WiFi on .... pffffff .....

    That’s no safer, do some research, data connections are easily intercepted between the phone and the tower. Hackers can even take over towers and filter data as they see fit.
    Post edited by PB_PM on
    If I take a good photo it's not my camera's fault.
  • Ton14Ton14 Posts: 450Member
    @PB_PM Yes I did some research, Not public WiFi, not Data, so the only total secure solution is not to buy or use a mobile phone, or is there another possibility?
    User Ton changed to Ton14, Google sign in did not work anymore
  • PistnbrokePistnbroke Posts: 1,837Member
    If you turn off the wifi and don't connect to the computer by cable I think you are OK.#Canon have put out an advisory on this today.
  • PB_PMPB_PM Posts: 4,005Member
    Ton14 said:

    @PB_PM Yes I did some research, Not public WiFi, not Data, so the only total secure solution is not to buy or use a mobile phone, or is there another possibility?

    If it is on the internet it can be hacked, no way around it. If humans can build it, they can take it down. Even if someone doesn’t get you directly, they could still get your information from companies you deal with online. A wired connection is safer than wireless, until it leaves your home anyway. Nothing is 100%, but you can minimize your footprint with VPNs, and such. Basically the best defence is to be as obscure as possible.

    In the modern world, at least in the west, it would be tough to not use the internet, because even if you don’t the businesses you use do. I mean you could live in a hut in the woods, but that wouldn’t be much fun long term.
    If I take a good photo it's not my camera's fault.
  • NSXTypeRNSXTypeR Posts: 2,084Member
    edited August 15
    Whew, thank god I shoot with a D7000 that's too old for this sort of shenanigans. And no, I'm not buying the WiFi dongle for it.

    To be truly safe, you'd have to use a VPN for mobile data.
    Post edited by NSXTypeR on
    Nikon D7000/ Nikon D40/ Nikon FM2/ 18-135 AF-S/ 35mm 1.8 AF-S/ 105mm Macro AF-S/ 50mm 1.2 AI-S
  • tc88tc88 Posts: 344Member
    And you trust the VPN companies? Have you looked into who own those companies?
  • PB_PMPB_PM Posts: 4,005Member
    No more than I trust my ISP, which doesn't say much...
    If I take a good photo it's not my camera's fault.
  • NSXTypeRNSXTypeR Posts: 2,084Member
    edited August 16
    tc88 said:

    And you trust the VPN companies? Have you looked into who own those companies?

    You really don't have a choice. You're only truly safe is if you disconnect from the internet completely.

    Ironically, my cousin just bought a new LG refrigerator that connects to wifi and can tell you how often people are opening the doors and the current temperature of the inside. For me that's totally unnecessary. Besides, I'd never want ransomware to hold my ice cream hostage.
    Post edited by NSXTypeR on
    Nikon D7000/ Nikon D40/ Nikon FM2/ 18-135 AF-S/ 35mm 1.8 AF-S/ 105mm Macro AF-S/ 50mm 1.2 AI-S
  • mhedgesmhedges Posts: 1,242Member
    I wonder if this is related to how Canon cameras have always been less “secure” than Nikon, meaning that there have been mods to Canon firmware out for ages but nothing similar on Nikons.

    Anyway to me this is something they should fix, but I wouldn’t lose any sleep over it. It’s such a specific exploit that I can’t see it being worth anyone’s time to make use of it.
  • NSXTypeRNSXTypeR Posts: 2,084Member
    mhedges said:

    I wonder if this is related to how Canon cameras have always been less “secure” than Nikon, meaning that there have been mods to Canon firmware out for ages but nothing similar on Nikons.

    Anyway to me this is something they should fix, but I wouldn’t lose any sleep over it. It’s such a specific exploit that I can’t see it being worth anyone’s time to make use of it.

    Agreed. You'd have to know that the photographer happens to have WiFi on and is using a Canon camera and has images worth paying up for. The average consumer might just toss the camera out. It's a lot of work and coincidences and stars to line up to maybe get a payout on. Unless you happen to hack Vincent Laforet's camera and he happened to just wrap up a shoot, I don't think anyone is going to have images worth paying up for. Plus, he might honestly already have backups of the images made.
    Nikon D7000/ Nikon D40/ Nikon FM2/ 18-135 AF-S/ 35mm 1.8 AF-S/ 105mm Macro AF-S/ 50mm 1.2 AI-S
  • PB_PMPB_PM Posts: 4,005Member
    edited August 19
    To make matters even worse on Friday it was discovered that all Bluetooth devices (regardless of version) have a vulnerability that allows hackers to intercept any information transferred between Bluetooth devices. It's a vulnerability in the Bluetooth standard, so the device manufacturer doesn't matter.

    What does this mean to Nikon camera users? Any Nikon devices equipped with Bluetooth (any Snapbridge enabled camera) are vulnerable unless Nikon provides a firmware update, which at this point would only mitigate, not completely fix the problem. Right now the only solution is not to use Bluetooth. Hackers could use the bluetooth on the camera to intercept the WIFI password for your camera, since Nikon uses bluetooth to enable faster WIFI connection and more.
    Post edited by PB_PM on
    If I take a good photo it's not my camera's fault.
  • mhedgesmhedges Posts: 1,242Member
    Do they use Bluetooth for image transfer? I thought it only used WiFi for that.
  • PB_PMPB_PM Posts: 4,005Member
    I doubt they use it for image transfer, bluetooth would be extremely slow for that purpose.
    If I take a good photo it's not my camera's fault.
  • mhedgesmhedges Posts: 1,242Member
    I'm not clear what they use bluetooth for, exactly. AFAIK I have only used the Wifi functionality. Maybe bluetooth is used for the GPS/geotagging feature?
  • Capt_SpauldingCapt_Spaulding Posts: 497Member
    I've had a quote from an anonymous IBM engineer on my office door(s) for 25 years. "If you want a secure system, disconnect all the users." True in 2005, truer still now.
  • PB_PMPB_PM Posts: 4,005Member
    edited August 19
    mhedges, Bluetooth is used to aid the WIFI connection, something like NFC I believe. It’s possible that it uses it for GPS data from a phone or tablet.

    I’ve never looked at Nikon’s patents to see if it’s something unique or just something they purchased from another company. That is why I mentioned that it is possible that the camera sends the WIFI password over Bluetooth as part of that process, which would of course expose the password (I sure hope nobody still has it set to the default).
    Post edited by PB_PM on
    If I take a good photo it's not my camera's fault.
  • NSXTypeRNSXTypeR Posts: 2,084Member
    Or you can be me and just shoot with a 10 year old camera and not have to worry about 21st century problems.
    Nikon D7000/ Nikon D40/ Nikon FM2/ 18-135 AF-S/ 35mm 1.8 AF-S/ 105mm Macro AF-S/ 50mm 1.2 AI-S
  • PB_PMPB_PM Posts: 4,005Member
    edited August 20
    Haha, you could even shoot with a 40 year old camera, and not even have to worry about batteries. I don't use the WIFI/Bluetooth myself, so it's always off anyway, since Sanpbridge is only about as useful as the $10 wireless remote anyway.
    Post edited by PB_PM on
    If I take a good photo it's not my camera's fault.
Sign In or Register to comment.