Canon issues firmware for EOS-1D and 5D cameras at risk of malware attack

52

Within the wake of final month’s report that 30 Canon cameras are prone to malware assault, the producer has issued firmware updates for 2 of its key product strains, encompassing the favored Canon EOS 5D Mark IV and 1D X Mark II.

These updates ought to shield customers of present 1D and 5D techniques from the safety menace, which additionally probably impacts each digicam that makes use of the favored Image Switch Protocol (PTP). 

• Learn extra: Safety alert issued – 30 cameras prone to malware assault

“An international team of security researchers has drawn our attention to a vulnerability related to communications via the Picture Transfer Protocol (PTP), which is used by Canon digital cameras, as well as a vulnerability related to firmware updates,” notes the manufacturer

“Due to these vulnerabilities, the potential exists for third-party attack on the camera if the camera is connected to a PC or mobile device that has been hijacked through an unsecured network.”

Canon issues firmware for EOS-1D and 5D cameras at risk of malware attack

The Canon EOS 5D Mark IV has been patched, however different cameras stay susceptible – particularly over Wi-Fi

(Picture credit score: Canon)

Canon has now launched firmware for the next cameras to deal with the difficulty:

Canon EOS-1D X (Version 1.2.1 is available for download)
Canon EOS-1D X Mark II (Version 1.1.7 is available for download)
Canon EOS-1D C (Version 1.4.2 is available for download)
Canon EOS 5D Mark III (Version 1.3.6 is available for download)
Canon EOS 5D Mark IV (Version 1.2.1 is available for download)
Canon EOS 5DS (Version 1.1.3 is available for download)
Canon EOS 5DS R (Version 1.1.3 is available for download)
Canon EOS 80D (Version 1.0.3 is available for download – already launched) 

The next affected cameras are at the moment awaiting firmware corrections:

Canon EOS 6D
Canon EOS 6D Mark II
Canon EOS 7D Mark II 
Canon EOS 70D
Canon EOS M10
Canon EOS M100
Canon EOS M3
Canon EOS M5
Canon EOS M50
Canon EOS M6
Canon EOS R
Canon EOS RP
Canon EOS Insurgent SL2
Canon EOS Insurgent SL3
Canon EOS Insurgent T6
Canon EOS Insurgent T6i
Canon EOS Insurgent T6s
Canon EOS Insurgent T7
Canon EOS Insurgent T7I
Canon PowerShot G5X Mark II
Canon PowerShot SX70 HS
Canon PowerShot SX740 HS

As mentioned in our earlier story, this isn’t a Canon-specific concern – any digicam that makes use of the PTP protocol is probably affected by the identical safety danger.

“While the Canon EOS 80D was the one tested in this demonstration, we do believe that similar implementation vulnerabilities could be found in other vendors as well, potentially leading to the same critical results in any digital camera,” we had been advised by Eyal Itkin, researcher for Verify Level, which found the vulnerabilities.

At current, there have been no confirmed experiences of malicious exercise or assaults because of the safety holes within the PTP. Nevertheless, Canon has issued numerous workarounds – which must also assist shield customers of any affected digicam, Canon or in any other case:

  • Make sure the suitability of security-related settings of the units linked to the digicam, such because the PC, cellular machine, and router getting used.
  • Don’t join the digicam to a PC or cellular machine that’s being utilized in an unsecure community, corresponding to in a free Wi-Fi setting.
  • Don’t join the digicam to a PC or cellular machine that’s probably uncovered to virus infections.
  • Disable the digicam’s community capabilities when they aren’t getting used.
  • Obtain the official firmware from Canon’s web site when performing a digicam firmware replace.

Safety alert issued for 30 cameras: Canon and Olympus reply
Verbatim Fingerprint Safe Onerous Drive protects and encrypts your knowledge
Canon EOS R hacked: Magic Lantern “efficiently loaded”