Approve the Cookies
This website uses cookies to improve your user experience. By using this site, you agree to our use of cookies and our Privacy Policy.
OK
Forums  •   • New posts  •   • RTAT  •   • 'Best of'  •   • Gallery  •   • Gear
Guest
Forums  •   • New posts  •   • RTAT  •   • 'Best of'  •   • Gallery  •   • Gear
Register to forums    Log in

 
FORUMS Community Talk, Chatter & Stuff General Photography Talk 
Thread started 13 Aug 2019 (Tuesday) 08:12
Search threadPrev/next
sponsored links (only for non-logged)

Canon DSLRs are Vulnerable to Ransomware

 
kenwood33
Goldmember
2,616 posts
Likes: 26
Joined Jul 2005
     
Aug 13, 2019 08:12 |  #1

https://petapixel.com …somware-update-yours-now/ (external link)

Thoughts?


Gearlist

  
  LOG IN TO REPLY
gossamer88
"something else"
Avatar
2,656 posts
Gallery: 94 photos
Likes: 9250
Joined Aug 2014
Location: NYC
     
Aug 13, 2019 08:28 |  #2

Saw that article as well. Pretty scary. But I never tether and rarely use the WiFi feature. I have a Lightning SD card reader for those days I want to transfer to my iPhone.


EOS R5 | EOS R7 | iPhone 12 Pro
• • •
RF 100-500mm | RF 100-400mm | RF 800mm F11 | RF 600mm F11
RF 24-240mm | RF 50mm 1.8 | RF 35mm 1.8 Macro | RF 16mm 2.8

flickr (external link)

  
  LOG IN TO REPLY
joedlh
Cream of the Crop
Avatar
5,513 posts
Gallery: 52 photos
Likes: 684
Joined Dec 2007
Location: Long Island, NY, N. America, Sol III, Orion Spur, Milky Way, Local Group, Virgo Cluster, Laniakea.
Post edited over 4 years ago by joedlh.
     
Aug 13, 2019 09:16 |  #3

I suppose we should be grateful that some white hat guys found the vulnerability first. In looking at the code snippets, I wonder if a better validation check would be something other than block size. The positive thing is that at least they were checking something. So one can't blame Canon for sloppy programming. In this day and age, the bad guys are more highly motivated (by greed) than the good guys and they're hiring good programmers to do their dirty work. So extreme caution and vigilance are needed.

While I commend Check Point Research for discovering this vulnerability and I can understand why they would want to publicize it for glory, I wonder if it might clue the bad guys in to the reality that there's low hanging fruit in other brands that could be exploited.

What a world! There are days when I think that there is no hope for our species.


Joe
Gear: Kodak Instamatic, Polaroid Swinger. Oh you meant gear now. :rolleyes:
http://photo.joedlh.ne​t (external link)
Editing ok

  
  LOG IN TO REPLY
Left ­ Handed ­ Brisket
Combating camera shame since 1977...
Avatar
9,925 posts
Gallery: 15 photos
Likes: 2398
Joined Jun 2011
Location: The Uwharrie Mts, NC
     
Aug 13, 2019 09:39 |  #4

kenwood33 wrote in post #18909506 (external link)
Thoughts?

Definitely a problem, but probably not one that would be a used on anything but the tinyest scale.

https://research.check​point.com …omware-ing-a-dslr-camera/ (external link)

^^^ the original technical write up on the issue

Anyone that has used Canon's wifi tethered knows that it tears through batteries like a teenage boy tears through a pepperoni pizza. When I use it, i turn it on, directly connect to my phone and then turn it off. No one should be walking around with it on.

I have connected the camera to exactly one wifi network and that was my own when I first got the camera. I use USB tethering with my laptop 99 percent of the time because it is a much better experience. Hard for me to imagine a time where I would connect the camera to a random wifi network.

I don't know about other cameras, but my 6D's range is pretty tiny. An attacker would have to do a good bit of work and then be within a short range of a potential target who had their camera set up to automatically join a network.

This whole thing can be done over USB from an already compromised computer, but that seems like an even more remote possibility.


PSA: The above post may contain sarcasm, reply at your own risk | Not in gear database: Auto Sears 50mm 2.0 / 3x CL-360, Nikon SB-28, SunPak auto 322 D, Minolta 20

  
  LOG IN TO REPLY
kf095
Out buying Wheaties
Avatar
7,484 posts
Gallery: 64 photos
Likes: 1087
Joined Dec 2009
Location: Canada, Ontario, Milton
     
Aug 13, 2019 14:48 |  #5

Reformat flash card, re-apply firmware.

But it is good on Canon to collaborate and provide security check.


M-E and ME blog (external link). Flickr (external link). my DigitaL and AnaLog Gear.

  
  LOG IN TO REPLY
sponsored links (only for non-logged)

789 views & 1 like for this thread, 5 members have posted to it and it is followed by 4 members.
Canon DSLRs are Vulnerable to Ransomware
FORUMS Community Talk, Chatter & Stuff General Photography Talk 
AAA
x 1600
y 1600

Jump to forum...   •  Rules   •  Forums   •  New posts   •  RTAT   •  'Best of'   •  Gallery   •  Gear   •  Reviews   •  Member list   •  Polls   •  Image rules   •  Search   •  Password reset   •  Home

Not a member yet?
Register to forums
Registered members may log in to forums and access all the features: full search, image upload, follow forums, own gear list and ratings, likes, more forums, private messaging, thread follow, notifications, own gallery, all settings, view hosted photos, own reviews, see more and do more... and all is free. Don't be a stranger - register now and start posting!


COOKIES DISCLAIMER: This website uses cookies to improve your user experience. By using this site, you agree to our use of cookies and to our privacy policy.
Privacy policy and cookie usage info.


POWERED BY AMASS forum software 2.58forum software
version 2.58 /
code and design
by Pekka Saarinen ©
for photography-on-the.net

Latest registered member is semonsters
1677 guests, 137 members online
Simultaneous users record so far is 15,144, that happened on Nov 22, 2018

Photography-on-the.net Digital Photography Forums is the website for photographers and all who love great photos, camera and post processing techniques, gear talk, discussion and sharing. Professionals, hobbyists, newbies and those who don't even own a camera -- all are welcome regardless of skill, favourite brand, gear, gender or age. Registering and usage is free.