Users’ desire to share things online has influenced many markets, including the digital camera one.
Newer cameras increasingly sport built-in Wi-Fi capabilities or allow users to add SD cards to achieve them in order to be able to upload and share photos and videos as soon as they take them.
But, as proven by Daniel Mende and Pascal Turbing, security researchers with German-based IT consulting firm ERNW, these capabilities also have security flaws that can be easily exploited for turning these cameras into spying devices.
Mende and Turbing chose to compromise Canon’s EOS-1D X DSLR camera an exploit each of the four ways it can communicate with a network. Not only have they been able to hijack the information sent from the camera, but have also managed to gain complete control of it.
In this presentation from Shmoocon 2013, they explained in detail how they managed to mount the attacks, and have also offered advice for users on how to secure their cameras and connections against these and similar attacks.
Daniel Mende is a German security researcher specialized on network protocols and technologies. He’s well known for his Layer2 extensions of the SPIKE and Sulley fuzzing frameworks and has presented on protocol security at many occasions including Troopers, Blackhat, CCC, IT Underground and ShmooCon. Usually he releases a new tool when giving a talk.
Pascal Turbing is a network geek, auditor and penetration tester who loves to explore network devices, protocols, applications and to break flawed ones.