×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Wi-Fi Enabled Digital Cameras Easily Exploitable

Unknown Lamer posted 1 year,23 days | from the say-cheese dept.

Privacy 96

An anonymous reader writes with some news that might make you think twice before getting a network-enabled camera. From the article: "Users' desire to share things online has influenced many markets, including the digital camera one. Newer cameras increasingly sport built-in Wi-Fi capabilities or allow users to add SD cards to achieve them in order to be able to upload and share photos and videos as soon as they take them. But, as proven by Daniel Mende and Pascal Turbing, security researchers with ERNW, these capabilities also have security flaws that can be easily exploited for turning these cameras into spying devices. The researchers chose to compromise Canon's EOS-1D X DSLR camera and exploit each of the four ways it can communicate with a network. Not only have they been able to hijack the information sent from the camera, but have also managed to gain complete control of it."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

96 comments

Excellent! (5, Insightful)

ColdWetDog (752185) | 1 year,23 days | (#43278007)

Now it should be simple to make a smartphone app to control the camera. Before, you had to get the API from the manufacturer, sign an NDA, often pay money and then pour through the poorly documented mess.

Progress!

Re:Excellent! (0)

Anonymous Coward | 1 year,23 days | (#43279643)

I assume you mean pore through as I cannot figure out how one pours documentation.

Re:Excellent! (1)

chihowa (366380) | 1 year,23 days | (#43280433)

I assume you mean pore through as I cannot figure out how one pours documentation.

The documentation is poor. As you're poring through it, you see all of the gaps in their coverage. It's those gaps that you pour through.

Re:Excellent! (0)

Anonymous Coward | 1 year,23 days | (#43280753)

So if you're intently studying information that poured through inadequate documentation, would that be a poor pour pore?

Re:Excellent! (1)

bwcbwc (601780) | 1 year,23 days | (#43281251)

You can only pour through the gaps after your brain has been turned to mush by the unintelligible documentation. This could take some time.

Re:Excellent! (1)

Krojack (575051) | 1 year,23 days | (#43280599)

Yeah, I've been using DSLR Controller [google.com] to control my Canon T3i via my tablet (USB) for some time. It's pretty clumsy having to deal with a cable but I would rather do that then have my camera support wireless.

Re:Excellent! (0)

Anonymous Coward | 1 year,23 days | (#43280309)

Now it should be simple to make a smartphone app to control the camera

You won't get a clue how from the worthless FA. It says little more than tha summary.

In this presentation from Shmoocon 2013, they explained in detail how they managed to mount the attacks, and have also offered advice for users on how to secure their cameras and connections against these and similar attacks.

No links to this information whatever. This is the lamest "tech" article I've seen. A site called "help net security" should tell you how the attacks were done and how to mitigate them.

Epic fail, whoever submitted this loser article (probably its lame author) should be ashamed of him/herself.

Toxic content (5, Funny)

Anonymous Coward | 1 year,23 days | (#43278085)

Hijacking thousands of vacation pictures may prove fatal to the pirates who steal them, contracting terminal boredom. Meanwhile, spies and celebrities should avoid using cameras with remote access vulnerabilities

Re:Toxic content (2)

geekmux (1040042) | 1 year,23 days | (#43279253)

Hijacking thousands of vacation pictures may prove fatal to the pirates who steal them, contracting terminal boredom. Meanwhile, spies and celebrities should avoid using cameras with remote access vulnerabilities

Uh, are you sure about celebrities? I heard Kim Kardashian is coming out with her own signature series camera. Apparently it's got some pretty cool features, including a free exclusive contract with a top director in the adult film industry...

Editors are people who EDIT! (0, Insightful)

Anonymous Coward | 1 year,23 days | (#43278105)

An anonymous reader writes with some grammar that might make you think twice before thinking slashdot has editors. From the article:

Newer cameras increasingly sport built-in Wi-Fi capabilities or allow users to add SD cards to achieve them in order to be able to upload and share photos and videos as soon as they take them.

We can achieve cameras by adding SD cards? What?

look up ezshare SD cards (0)

Anonymous Coward | 1 year,23 days | (#43278169)

they have wifi built in to the card, you can connect to it from a browser to upload/download files

There are a couple other brands as well

Re:Editors are people who EDIT! (4, Informative)

YrWrstNtmr (564987) | 1 year,23 days | (#43278175)

We can achieve cameras by adding SD cards? What?

We can achieve adding Wi-Fi capabilities to cameras by adding an SD card, yes.
Eye-fi [www.eye.fi]. And yes, mine works quite well.

Re:Editors are people who EDIT! (0)

Anonymous Coward | 1 year,23 days | (#43280307)

He was complaining about the grammar. There are so many things wrong with the sentence, it is difficult to know where to begin:

"Newer cameras increasingly sport built-in Wi-Fi capabilities or allow users to add SD cards to achieve them [...]"

You can't achieve "WiFi Capabilities". It's not a device that can learn. You meant to say add SD cards to allow users to achieve them, but even that is awkward.
( and BTW, Inanimate objects don't usually "sport" something, people do. When applied to an inanimate object, it's usually hand-in-hand with some element of personification. )

A better choice might have been to say "Users increasingly sport Cameras with Wi-FI connectivity by SD card Wi-Fi additions or via built-in Wi-Fi on newer cameras."

TMYK

Re:Editors are people who EDIT! (0)

Anonymous Coward | 1 year,23 days | (#43280797)

My personal experience with the Eye-fi was a nightmare.

It was horrible to configure with their shitty UI, the actual card upload seemingly when it wants to, connection to the wifi network was spotty at best, and their interpretation of easy-to-use was.. shall we say.. generous.

Re:Editors are people who EDIT! (1)

YrWrstNtmr (564987) | 1 year,23 days | (#43282073)

Yes, their UI is a bit twisted. But I've put about 3,500 pics through mine (7,000 if you count RAW+jpg) with few issues.

Re:Editors are people who EDIT! (0)

Anonymous Coward | 1 year,23 days | (#43280261)

Dumbass. The submitter was entirely correct, you just don't know what you're talking about. These memory cards have been around for ages.

Security never was a concern (3, Interesting)

Nyder (754090) | 1 year,23 days | (#43278109)

The makers of the camera's want to produce the cheapest camera for the highest amount of profit possible. Spending money on securing the add features that consumers want (ie. wifi) cuts into the bottom line.

Will it stop consumers from buying the models? My guess is no.

What will the camera makers do? Make a new model, same as the old model, but with added security features. Of course, you will pay 50% more for the new "model".

Re:Security never was a concern (2, Insightful)

Anonymous Coward | 1 year,23 days | (#43278121)

The build COST on a 1D-X is nearly $4000USD. Cutting corners in software was not high on the list.

Re:Security never was a concern (0)

Anonymous Coward | 1 year,23 days | (#43278165)

eye-fi sd cards, on the other hand, start at about 30-35 bucks... and cameras with built-in networking features, start at less than 100..

Re:Security never was a concern (3, Informative)

m.dillon (147925) | 1 year,23 days | (#43278815)

EYE-FI SD cards are cool, but storage capacities trail what you can get with a straight storage card. So for example you can get a 16G EYE-FI card, but a SanDisk Extreme SDXC card comes in capacities up to 128G.

EYE-FI has other problems, including fairly slow WIFI transfer speeds. WIFI tends to drop out unless you are transferring to a storage device on your belt, and a 4G hotspot setup doesn't work very well when you are taking RAWs. I would not rate EYE-FI as a professional-level product, frankly.

Sometimes quality and dependability trump convenience. My preference is to stick to normal storage cards and not have to worry about some WIFI snafu messing up my ability to take pictures. EYE-FI has its benefits, but it also has a lot of moving parts (software-wise).

-Matt

Re:Security never was a concern (1)

Strider- (39683) | 1 year,22 days | (#43285977)

eye-fi sd cards, on the other hand, start at about 30-35 bucks... and cameras with built-in networking features, start at less than 100..

Sure, but you also fail to realize the point of the wifi/networking for the Canon DSLRs. It isn't just about dumping your photos off the camera in real-time, it also provides full remote control of the camera. For the average consumer, this doesn't mean much, but in certain parts of the professional world, this is a huge deal. Take, for example, an architectural photographer taking a picture of a tight space (say the inside of a bathroom). Remote contorl over the camera lets them stuff the camera into a corner, or some inconspicuous spot, and then set the exposure, focus, etc... from outside the room, thus keeping them out of the picture.

Same thing goes for product photography, though more due to the fine control over the focus you get. Using the remote capture application, you can micro-nudge the focus and see the results live on the display. It's an incredible advance over film, and even earlier digital cameras. Admittedly, most of this can be done over USB, but Wifi/network is the natural progression of this.

Re:Security never was a concern (2)

citizenr (871508) | 1 year,23 days | (#43278237)

Of course it was. $4000 camera, and it still cant manage flash filesystem properly and will corrupt saved files if you insert a card with non continuous space (plug card into computer, delete few random pictures, insert into camera, happy recovery).
Canon, Nikon, Sony and other mayor manufacturers ALL recommend you to
-format card in the camera, not in computer
-never edit/delete files in the camera itself

Re:Security never was a concern (1)

pspahn (1175617) | 1 year,23 days | (#43278399)

Seems simple enough, and is in fact what I've always done, simply by default.

I could see why some people would want to delete photos in the camera, after all, there's a delete button right there... but if you're shooting enough to where you're worried about the space available on the card, you can probably afford a couple extra cards.

Re:Security never was a concern (2, Interesting)

citizenr (871508) | 1 year,23 days | (#43278453)

Yes, delete button is right there, and will happily help you corrupt all of your data on the card, in $4000 camera. Thats the point. Software in those cameras is GARBAGE. Wifi link being open to all kinds of exploits is not really surprising.

btw new ExFAT filesystem brings even more garbage 'someone wrote it and it kinda works, lets not touch this" code to new hi-end cameras.

Re:Security never was a concern (4, Interesting)

Ford Prefect (8777) | 1 year,23 days | (#43278687)

Yes, delete button is right there, and will happily help you corrupt all of your data on the card, in $4000 camera. Thats the point.

What on Earth are you doing with your cameras? I've been deleting unnecessary photos from cameras for years, as well as using the memory cards for general file storage (somehow I still have no USB memory whatsits) - and I've yet to suffer from any file corruption. I do tend to reformat cards that need emptying rather than mass-deleting files, but that's mainly 'cause it's much quicker that way. I've frequently had full cards that I've pruned photos from so I can take some more. (Experience mainly with Canon dSLRs, but also with Fujifilm, Minolta, Panasonic etc.)

I suspect my habit of only buying decent memory cards has caught up with me yet again. :-(

Re:Security never was a concern (3, Informative)

m.dillon (147925) | 1 year,23 days | (#43278723)

I do sometimes delete photos in-camera, usually three or four out of every 100 or so I take, but generally I recommend (and also for myself) NOT to delete photos in-camera because it's easy to miss things you might want to keep when you try to review pictures on such a small display.

But I've never had an issue with any of my Canon's corrupting the SD card.

-Matt

Re:Security never was a concern (1)

hairyfeet (841228) | 1 year,23 days | (#43278837)

Dude it ain't ExFAT, hell you can use any file system and it ain't gonna matter with the shitty software on those cameras. I don't know how many times i've had to try to recover photos because somebody used the delete button....WTF? If its gonna shit itself practically every time you use it, why in satan's balls would they put that button on there in the first place?

as I have told many a customer the delete button should be called "hose your photos NOW" button because a good 9 times out of 10 that is what the stupid thing does.

Re:Security never was a concern (0)

Anonymous Coward | 1 year,23 days | (#43279059)

bullshit

Re:Security never was a concern (3, Informative)

kwbauer (1677400) | 1 year,23 days | (#43279065)

I don't know how many times i've had to try to recover photos because somebody used the delete button....WTF?

Yeah. WTF are you talking about. I've deleted individual photos on camera and on the computer with both Nikon's and Canons. I've even added folders and stored photoshop and word docs on them and put them back in the camera and they work just fine. They simply ignore those files (and folders) and remove the space they use from the available space.

I suggest that the reason you have to recover so many photos is because people, you know, used the delete button and it, you know, performed exactly as advertised: It removed the chosen file from the list of files and added its space back to the free space. Just be glad they didn't implement secure delete functionality.

Re:Security never was a concern (2)

hairyfeet (841228) | 1 year,23 days | (#43279257)

Right me and that other guy just made it up for...why exactly? Or maybe, just maybe, you got lucky or chose a really good model? The Olympus cameras don't seem to have this problem but a LOT of the cameras sold in your B&M stores DO have this problem. Looking at the forums its just as the other guy described it in that their software doesn't know what to make of free blocks in the middle of non free blocks and freaks the hell out.

But just because you haven't seen it, especially when you don't actually work in retail, don't mean squat. Hell I can introduce you to a guy that swears WinME is a great OS because hey! Works for him. Don't mean its a great OS though, just means it works for him. Working computer retail I tend to see things that the average Joe may not run into, like how Win 8 seems to shit itself quite often on low to mid tier laptops. If you never buy low or mid tier? Hell you'd never know it, doesn't seem to happen on the high end systems, just the way it works.

Re:Security never was a concern (2)

Ford Prefect (8777) | 1 year,23 days | (#43279373)

Right me and that other guy just made it up for...why exactly? Or maybe, just maybe, you got lucky or chose a really good model? The Olympus cameras don't seem to have this problem but a LOT of the cameras sold in your B&M stores DO have this problem.

Which manufacturer and camera models suffer from this problem? I'd be interested to know, so I can recommend against them.

(I've helped out with a fair amount of digital camera stuff for friends and relatives, and I've never actually seen a corrupted memory card. Plenty of accidentally deleted photos, one accidentally formatted card, one memory card that was flat-out dead, but no corrupted filesystems.)

Re:Security never was a concern (1)

hairyfeet (841228) | 1 year,22 days | (#43284399)

Never bothered writing down specific make and model but look at any of the non Olympus (as I said, never saw it with their models) that sell for $75-$150 in your local Walmart or Best Buy and then hit their forums and see, its really not that rare an occurrence. Personally I think many of them are buying their software from the same company in who knows where Asia and they have some issues, no different than how when Creative subcontracted their software out to India it went to crap. Not saying all Indian coders suck, just saying the ones Creative used blew chunks.

But like I said working retail 6 days a week I tend to see shit Joe Average may not run into, such as right now I suspect there may be a problem with AMD APU drivers and Win 8 as the only commonality I can find in those low to mid tier laptops that I have to keep doing a "refresh your PC" on with Win 8 seems to be AMD APUs. Maybe its the fact that Win 8 is so GPU heavy, maybe AMD is having trouble with the Win 8 DRM, hell if I know, I'm just a lowly PC shop guy, all I know is that folks buying the high end laptops don't seem to be having nearly as much trouble as those buying the low to mid tier stuff and it AIN'T the hardware, because when I put Win 7 on 'em they purr like fat contented kittens, so its gotta be Win 8.

But I am used to hearing the fanboys of this or that scream "bullshit" because they just don't have to deal with the volume of hardware I do. I usually am the first to know when a hard drive OEM has gotten a bad batch, when the fans they are using on this or that model ain't cutting the mustard, because for every one unit you have to deal with I have to deal with 100, that's just how it is when you have a little PC shop.

Re:Security never was a concern (1)

TheP4st (1164315) | 1 year,23 days | (#43279421)

I use only top quality memory cards and have shot a very large amount of pictures over the years on Nikon D200, D300 and Fujifilm X100, and tend to delete poor quality pictures on spot, but have to date never encountered this problem which lead me to suspect that perhaps many of cases you've seen might be attributed to poor quality memory cards rather than camera firmware, alternatively that I use cameras with better than average firmware. Another possibility could of course also be that in your line of work you encounter these issues on a frequent basis making it seem more prevalent than it really is, after all it probably isn't a common occurrence that you have customers walking in saying "I always delete pics in camera and have never had to do recovery".

I'm not attempting to dispute that you do see this problem frequently, but am genuinely interested in your feedback as your posts made me slightly concerned abut my in camera deleting habit.

Re:Security never was a concern (0)

Anonymous Coward | 1 year,23 days | (#43280129)

Hell, picassa shows over 10,000 pictures on my T3i, and I only use "what' avaiable at the durg store" and routinely delete pictures (That the kids take) on the camera. Never had a problem. Maybe the lower end Cannons have better software.

Re:Security never was a concern (0)

Anonymous Coward | 1 year,23 days | (#43280635)

Maybe the lower end Cannons have better software.

I have the feeling that you interpreted the term "photo shooting" a bit too literally ...

Re:Security never was a concern (0)

Anonymous Coward | 1 year,23 days | (#43282731)

It's the delete on spot that makes the difference and is why You've never seen this issue. Try deleting just one from the middle of 20-30 images and see what in hell happens. The problem occurs because of Non-Contigous Free Space (In other fucking word "FRAGMENTED") that's causing the problem. By deleting the last image taken, you still have unfragmented space available, which these camera's have no problems with.

Re:Security never was a concern (0)

Anonymous Coward | 1 year,23 days | (#43280707)

So buy decent products instead of cheap ones. Really, who gives a fuck if you work retail. Our time is worth more than these people being cheap and then whining that something doesn't work.

tl;dr;
Don't buy cheap shit and this won't be likely to happen to you. If there's a decent product that has this issue, let's discuss that. Geez, what an asshat.

Re:Security never was a concern (2)

Deep Esophagus (686515) | 1 year,23 days | (#43280907)

I have about the cheapest camera you can get, a Kodak® EasyShare® I got at Walmart® three or four years ago for maybe $40 (it was their Black Friday special). Sometimes the lens won't go in and out all the way because it got sand in it. And yet... there has never been any problem with the software. Delete random photos out of a bunch directly on the camera, no problem.

So... if a couple of folks on here say that deleting files has caused file system corruption and a couple of other folks have stated they never saw such problems, who's to say which viewpoint is more common? We'd need a slightly bigger sample size than 5 or 10 self-selected nerds before we could draw any larger scope conclusions from the bit of anecdotal evidence presented here from both sides.

Re:Security never was a concern (1)

hairyfeet (841228) | 1 year,22 days | (#43284485)

Well I can tell you that while the EasyShare tends to have more lens fails from what I've seen (also their docks are kinda iffy) they don't seem to have this problem as much. It still happens, just not as much. Look at the non Olympus models for around $100 at your local Wally World, write down make and model and hit the forums for those cameras and you'll find its not a rare thing. As I answered another poster personally I think they are all subcontracting from the same software firm that has this issue, and as far as the issue goes its just like the other guy wrote, delete from the front or the end? no problems. delete from the middle? BIG problems as the cameras don't seem to like having a chunk of free space in the middle of a bunch of non free.

As for the WHY, fuck if I know, I don't write camera software, I'm just the guy folks hire to fix the problem but if I had to guess something in the software doesn't know how to deal with empty space in the middle and freaks out. I mean its a software bug, they happen, these cameras get cranked out like flapjacks so you know QA ain't gonna be great anyway, i just wish they'd do a little more testing and just not have a delete button on those with this issue.

$4000 production cost? (2)

davidwr (791652) | 1 year,23 days | (#43278357)

Is that the marginal cost of production, the amortized cost of production (i.e. sunk costs spread out over the entire production run), or the amortized costs of production, marketing/sales, support (warranties aren't free, folks), etc.?

Re:Security never was a concern (2)

dgatwood (11270) | 1 year,23 days | (#43279009)

The makers of the camera's want to produce the cheapest camera for the highest amount of profit possible.

I wonder if this exploit is the reason why Canon didn't release a Wi-Fi/GPS-capable EF-S camera body last week (70D, rumored) like just about everybody expected (and like a sizable percentage of Canon DSLR users are holding out for).

It just seems bizarre that such largely consumer-centric features are unavailable except in their pro DSLRs, which won't work with any of their consumer-priced lenses. Only a company with Canon's decades of experience can create a product line so completely upside-down for so many years without getting completely laughed out of the market.

Re:Security never was a concern (1)

walshy007 (906710) | 1 year,23 days | (#43279305)

which won't work with any of their consumer-priced lenses.

Sure it will, the 50mm f/1.8 works quite well, is full framed and sets you back $150.

Re:Security never was a concern (0)

Anonymous Coward | 1 year,23 days | (#43281163)

This. As a 1D-x/6D shooter, I have to admit that the 50/1.8 and 50/1.4 tend to be the most highly used lenses in my bag (for indoor event photography)

There's a stigma with the "cool kids" that if the lens isn't larger than the camera, it must be shitty. I've never given a shit what people think of my camera, it's the output that matters. :P

Re:Security never was a concern (1)

dgatwood (11270) | 1 year,23 days | (#43281809)

The problem is not that you can't get any lenses in a consumer-affordable price range, but rather that many of the EF lenses are dramatically much more expensive for a given angle on a full-frame sensor than an EF-S lens that would produce that same view angle on a crop body.

For example, I frequently find myself using my 10-22mm EF-Szoom lens. Canon's EF equivalent, after compensating for the 1.6x crop, is the 16-35. The 10-22 EF-S costs about $720. The 16-35 costs a jaw-dropping $1450.

Re:Security never was a concern (1)

Strider- (39683) | 1 year,22 days | (#43286163)

For example, I frequently find myself using my 10-22mm EF-Szoom lens. Canon's EF equivalent, after compensating for the 1.6x crop, is the 16-35. The 10-22 EF-S costs about $720. The 16-35 costs a jaw-dropping $1450.

Yes, and optically, the 10-22 is much easier to make, and requires less precision than the 16-35. You're also comparing a consumer grade lens (the 10-22) with L glass. They're two completely different classes of lenses, with completely different performance metrics. It's not just the focal length, but the resolution, flare control (especially at these focal lengths), build quality, and materials.

Re:Security never was a concern (1)

fuzzyfuzzyfungus (1223518) | 1 year,23 days | (#43280203)

The makers of the camera's want to produce the cheapest camera for the highest amount of profit possible..

I suspect that lacking the relevant institutional expertise doesn't help. The camera guys may have some fucking software wizards when it comes to crunching raw sensor data into an agreeable format at high speed, on a weedy little embedded chip, without crushing the battery; but(as Adobe demonstrates about three times a week) image-processing expertise is minimally connected with good software engineering practices, much less security-focused design...

Can anybody think of an industry that went from producing 'it doesn't need to be secure because it's air-gapped by nature' products to networked products without a ghastly trail of fuckups? Personal computers made the shift somewhere in the late 80's/early 90s, and they still aren't adequate, though they are better than they used to be. Industrial and medical embedded systems are still a total wreck, printers are still mostly fucked...

Re:Security never was a concern (1)

dgatwood (11270) | 1 year,23 days | (#43281925)

Embedded industrial and medical devices need to be controlled/monitored remotely, which means that they need open ports. There's no good reason for a camera to have any open ports by default. Thus, assuming they are using a reasonably robust and well-tested OS, the attack surface should be very, very small.

Re:Security never was a concern (1)

fuzzyfuzzyfungus (1223518) | 1 year,23 days | (#43282201)

Oh, I'd be the last to deny that they fucked up here. My point was just that, as best I can see, every previously-not-networked industry manages a period of impressive lousiness and seems to feel some sick need to learn from their own painful mistakes, rather than learning from somebody else's painful mistakes that have already been made. I don't know why.

Re:Security never was a concern (0)

Anonymous Coward | 1 year,23 days | (#43281035)

The makers of the camera's want to produce the cheapest camera for the highest amount of profit possible.

And the "board's" of education want to earn money without teaching kids how to use an apostrophe. Working on your GED, Nyder?

Things that don't need to be connected to the inte (4, Interesting)

jazzdude00021 (2714009) | 1 year,23 days | (#43278123)

Seriously, this is one of them. I love the idea of sharing and all, but we can wait to see your vacation or ...other... pics more than 15 minutes after you take it. A camera does not need to be directly connected to the internet, and all it does is open up potential security flaws. Find a good way to remotely exploit this and next thing you know, you can just take a vacation vicariously, through someone's (unsuspecting) lens. With the way tablets, smartphones etc are going, they can be great and (more) secure gateways to posting things, plus it gives you the chance to *filter* your photos...

Re:Things that don't need to be connected to the i (5, Insightful)

Anonymous Coward | 1 year,23 days | (#43278133)

Interesting, but the article itself mentions a camera body that's meant for professionals who are handed contracts to deliver photos within a time frame following events. (most MAJOR sporting events the photos need to be uploaded from the camera back to a central repo within 4 hours of the event, so they can go to print for the following morning. )

Saving a few minutes here and there is KEY to getting ahead in that industry.

Re:Things that don't need to be connected to the i (1)

nabsltd (1313397) | 1 year,23 days | (#43278621)

(most MAJOR sporting events the photos need to be uploaded from the camera back to a central repo within 4 hours of the event, so they can go to print for the following morning. )

Saving a few minutes here and there is KEY to getting ahead in that industry.

It takes about 10 seconds to remove the memory card and plug it into a tablet/laptop/whatever. Unless you need photos uploaded essentially as you shoot them (which I suspect woudn't work very well at the same time you were taking new pictures), there is no reason to have the camera able to connect to a network.

In addition, it's likely the file transfer software on the tablet/laptop/whatever is far more robust than anything on the camera. This might give you features such as automatic retry, resuming in the middle of a file, etc.

Re:Things that don't need to be connected to the i (5, Informative)

Ford Prefect (8777) | 1 year,23 days | (#43278711)

It takes about 10 seconds to remove the memory card and plug it into a tablet/laptop/whatever. Unless you need photos uploaded essentially as you shoot them (which I suspect woudn't work very well at the same time you were taking new pictures), there is no reason to have the camera able to connect to a network.

You're kind of assuming the photographer is right next to the cameras - professional wireless whatsits (e.g. Nikon [bhphotovideo.com] and Canon [bhphotovideo.com]) are intended for full remote control of multiple cameras. So at a sports event, a photographer might have one down behind the goal with a wide-angle lens, another pointing at the other goal, etc. etc. etc. - all uploading to the photo agency for up-to-the-moment imagery. Newspapers needed things soon, the internet needs it now.

Still decidedly embarrassing if they are so easily compromised, of course.

Re:Things that don't need to be connected to the i (3, Interesting)

Sigg3.net (886486) | 1 year,23 days | (#43279801)

So a devious photographer may create an automated wifi entry and corruption script and fire it up on a critical event, walking away with the only usable money shot.

Re:Things that don't need to be connected to the i (1)

jazzdude00021 (2714009) | 1 year,21 days | (#43304135)

So at a sports event, a photographer might have one down behind the goal with a wide-angle lens, another pointing at the other goal, etc. etc. etc. - all uploading to the photo agency for up-to-the-moment imagery. Newspapers needed things soon, the internet needs it now.

Still decidedly embarrassing if they are so easily compromised, of course.

And now all I have to do is put myself somewhere in range of the remote controlled cameras, find an exploit, publish their photograph first and take credit for it. Much faster and easier than actually doing all the work.

I see where this technology is potentially very useful, but just like compromised "smart meters" and other "smart" appliances, cameras don't need to be a part of the "internet of things" unless you're cool with someone potentially watching everything you do with it.

Re:Things that don't need to be connected to the i (5, Interesting)

fustakrakich (1673220) | 1 year,23 days | (#43278149)

On the contrary. When recording the police, it's best to upload live, so when they steal your camera, they don't get the footage.

Re:Things that don't need to be connected to the i (2)

YrWrstNtmr (564987) | 1 year,23 days | (#43278277)

Eye-fi.
It only talks to networks you have told it about. Ad-hoc to a laptop, or to a wifi router. Via WPA. It does not talk directly to 'the internet', unless you tell it to. It can upload directly to flickr/facebook/etc....if you tell it to. I don't.

I do a lot of macro photography at home , and not having to swap the card between camera and PC is a godsend.

Is it exploitable? Don't know. Maybe.

Now...if I were going to attend an 'event' where my camera might get confiscated, I might have a nearby compatriot with a netbook in his backpack, and the camera continuously talking to it. Not that I'd put myself in that position, though.

Re:Things that don't need to be connected to the i (0)

Anonymous Coward | 1 year,23 days | (#43280729)

Not for professionals. At the winter Olympics in Vancouver, the Olympic Organizing Committee wired most of the venues for WiFi for use by accredited press. Photographers were able to upload photos from the venues to their bureaus almost instantly, from their cameras, at the venue. Sometimes the photos were available online before the athlete finished the event.

Re:Things that don't need to be connected to the i (0)

Anonymous Coward | 1 year,23 days | (#43281373)

I'm waiting for them to create networked 3d printed guns... You can get the plan off the network, print them remotely, and then have them setup and fired - all from your smart phone. I hear that there will soon be a Flash app for that, so, unfortunately iPhone users, you won't be able to take advantage of the latest, greatest upcoming trend.

Re:Things that don't need to be connected to the i (1)

Strider- (39683) | 1 year,22 days | (#43286203)

Seriously, this is one of them. I love the idea of sharing and all, but we can wait to see your vacation or ...other... pics more than 15 minutes after you take it. A camera does not need to be directly connected to the internet, and all it does is open up potential security flaws. Find a good way to remotely exploit this and next thing you know, you can just take a vacation vicariously, through someone's (unsuspecting) lens. With the way tablets, smartphones etc are going, they can be great and (more) secure gateways to posting things, plus it gives you the chance to *filter* your photos...

As I mentioned above, the real point of the wifi link is NOT for sharing the photos. It's to remote control the camera so that you can either control it without touching it (say when doing astro-photography, where simply touching the camera will throw your whole system out of whack), doing tasks that you can't do hands on (Focus micro-adjustments, highly useful when doing product photography), or controlling the camera when it is placed in an otherwise inaccessible location.

The other main use for the wireless dump capability is in the studio... Mom and dad are getting pictures taken of the kids & dog, and this capability allows the photog to dump the photos in real-time to a neighbouring computer, so they can see exactly what's coming out. In either case, the camera itself isn't typically "on the internet"

The (wrong) assumption by Canon is that the camera will only be used on private networks, since in professional situations, that's normally what you would have anyhow.

Been paranoid since the printers got wifi (4, Insightful)

eksith (2776419) | 1 year,23 days | (#43278131)

This trend of making all things that exist wireless can have pretty bad consequences if companies aren't held accountable for what they produce. I'm sorry, it's not hard. It just takes code correctness and some discipline to not take a route only cause it's easy. I'm not naive; I understand being first out of the gate matters, but making that a priority at the cost of some basic security is unacceptable.

If the programmers aren't delivering on time or creating insecure code, then part of the problem may be management. As Scott Adams wrote today, Management exists to minimize the problems created by its own hiring mistakes [dilbert.com]. It's some kind of endmic disease that technical people are expected to push through a product quickly first, securely second.

Re:Been paranoid since the printers got wifi (2)

darkfeline (1890882) | 1 year,23 days | (#43278397)

not hard
code correctness
discipline

I would like to move to your country.

Re:Been paranoid since the printers got wifi (0)

Anonymous Coward | 1 year,23 days | (#43279637)

>I would like to move to your country.

Difficult. La-la-land is not on the map.

Re:Been paranoid since the printers got wifi (0)

Anonymous Coward | 1 year,23 days | (#43279171)

despite what many believe writing good secure code IS HARD. Developers need to be explicitly trained in writing secure code as even a good developer has no clue what to look for in their code and what to avoid when writing code that can be exposed to malicious hacks and even when written by knowledge people with excellent skills in security coding there will still be the inevitable error or newly discovered method to exploit that no one had thought of before. Security coding in things like cameras probably comes down to a cost/risk analysis as to whether it is really worth the very significant investment that ensuring your code stack is relatively secure costs.

Re:Been paranoid since the printers got wifi (0)

Anonymous Coward | 1 year,23 days | (#43279707)

The trick is to get a few programmers, it's "Developers" that are responsible for the crap that passes for software these days.

Re:Been paranoid since the printers got wifi (1)

tlhIngan (30335) | 1 year,23 days | (#43281007)

This trend of making all things that exist wireless can have pretty bad consequences if companies aren't held accountable for what they produce. I'm sorry, it's not hard. It just takes code correctness and some discipline to not take a route only cause it's easy. I'm not naive; I understand being first out of the gate matters, but making that a priority at the cost of some basic security is unacceptable.

Digital cameras are a commodity. For under $150-200 these days (under $100 on sale), you get a pretty decent one, brand name even. It'll take generally fine photos that most people won't complain about. Given the complexity of what's inside, there's not much money to be made (and reparing them when they break's pretty pointless when the latest and greatest also costs under $150-200).

Effectively, the race to the bottom has reached its conclusion and manufacturers are seeking ways to differentiate and have higher-priced offerings where they can make money on, because they aren't making them on those cheap ones.

So if they can add wireless and sell it for 50% more ($300), that makes far more money. But of course, it's built to a price, so things have to be skimped, including proper software development.

Take any other commodity product and you'll see the same - cellphones - Androids come in all shapes and sizes, but they're all generally crap (meant to satisfy the free phone crowd), except for the flagships. But the flagships have to justify their cost, so they throw in everything in them, because today's flagship is next year's high end free phone (see SGS3 going for free with contract).

Generally speaking, races to the bottom are good for consumers, but they come at a cost of losing the intangibles that people don't pay as much attention to - like security. Why waste a man-month hardening down the firmware when you can release it now, save the man-month of labor and make more profit? The public doesn't value a "more secure" camera of a lesser one (even if they could tell the difference).

Other things you may have noticed - 1366x768 screens, Intel integrated graphics in laptops (reversed recently with the push towards ultrabooks and things to make them command the premium pricing).

At first glance,homesecurity looks like a cash cow (4, Funny)

GoodNewsJimDotCom (2244874) | 1 year,23 days | (#43278185)

The cost for web cams and 100' USB cables is like 20$. So give a home 5 security cameras for $100. Hook em up on their computer and have code that records a buffered state so far back. Or if you're concerned about disk space, attach motion sensors to the recording states. Write some software that allows them to check out their house on their smart phone. Installation shouldn't take more than a a few hours.

So if you wanted to start your own security system, you'd be back 100$ for 5 cameras/cables. You'd need to write some code, or have someone write it for you, but this is only a one time cost. And you can charge people 45$/month or a one time fee of 500-700$, and that is way cheaper that what is on the market, and what is on the market doesn't let you check your security cameras from your smart phone.

Home security looks like a cash cow at first glance, what am I missing besides lawyer stuff?

Re:At first glance,homesecurity looks like a cash (0)

Anonymous Coward | 1 year,23 days | (#43278293)

There are always problems with installation. Not all modern computers can handle 5 USB webcams, even cheap ones. You'll run into problems like a few of the cameras not being recognized or they'll all run really slowly. The consumers won't want to have their computer on 24x7 and they aren't going to want cables running along their walls. As soon as you start drilling into the walls, at least some will complain about damage. Others won't have the libraries to run your software. You said installation would take a few hours, which sounds like you'll have someone on site doing installation. Meaning you'll have to contract out installation with multiple companies or you'll never be able to scale to anything size worth doing.

Software is not a one time cost. You'll have people asking questions, complaining about bugs (fix them or you'll be killed in reviews. No one buys from no name companies with poor reviews), updates might break your software, everyone has different drivers, etc... Anything with a subscription requires additional software to track all the customers and their payments. You'll need support lines to handle hardware, software, account management, billing, stupid customers, etc...

That's all I'm going to cover. Everything looks good at first glance. You're only looking at the good stuff, most people don't fantasize about the bad things.

Re:At first glance,homesecurity looks like a cash (2)

YrWrstNtmr (564987) | 1 year,23 days | (#43278395)

Home security looks like a cash cow at first glance, what am I missing besides lawyer stuff?

The plethora of cheap, standalone, multicam systems by Lorex, Zmodo, etc that already do this.

Re:At first glance,homesecurity looks like a cash (0)

Anonymous Coward | 1 year,23 days | (#43278429)

Ahem. The real value in home security is the monitoring service, not the cameras.

Cameras only let you see what it looked like when the guys in black masks spent hours carting off everything you own (or until they got tired of wearing masks and decided to smash the cameras, and of course I'm assuming that you're also streaming the video somewhere off-site or at least to a very well hidden external drive, because they'd probably also steal your camera computer).

Monitoring services call the police if you don't answer their call and say the password, so the bad guys have to get in and out in a few minutes if they want to avoid being caught red handed.

Re:At first glance,homesecurity looks like a cash (1)

DerekLyons (302214) | 1 year,23 days | (#43278469)

Home security looks like a cash cow at first glance, what am I missing besides lawyer stuff?

Reliability, maintainability, installation, liability, insurance, service... pretty much everything in fact.

Re:At first glance,homesecurity looks like a cash (0)

Anonymous Coward | 1 year,23 days | (#43278545)

Please show me these 20 dollar cameras, other than shitty MJPEG stuff. Not horrible CCTV cameras are closer to 100$ (unless they need to be outdoors or vandal resistant). Once we priced everything out the realistic installed cost is more like $1500 to $2000. And lots of stuff, including ours, lets you view video from your smart phone.

Re:At first glance,homesecurity looks like a cash (1)

tlhIngan (30335) | 1 year,23 days | (#43278793)

Well, you can buy a damn nice DVR from Lorex that has it all including hard drive recorder, 4-6 cameras, night lights, and cabling for around $600 all together, or much less. Including PC software to access it over a network, and with the first firewall configuration, using apps on iOS and Android.

And they're nicer higher-definition color cameras at that. Hell, our company replaced an old camera system using Panasonic NTSC cameras and a Windows 98 PC being a DVR (total cost - tens of thousands back in the day) with a $500 Lorex you can get at Costco. Which gives better picture quality, easier access, is more maintainable (that Win98 system was stuck on 98 because it's all that was supported, and couldn't be remotely accessed, etc)., and remotely accessible on the network.

They're dirty cheap.

Oh, and USB has a max cable length of 5m or around 15'. This limit is not signal integrity, but bit timing. The only way around it is active repeaters (i.e., single-port hubs). Even then it's pretty nasty as it's increasing your isochronous latency (cameras are typically isochronous devices that demand fixed bandwidth), so don't be utterly surprised if it completely fails and is touchy and finicky and plugging in another one causes it to go one and come up in pieces.

Since you gotta install the damn thing anyways, getting one from Costco or other retailer saves a lot of time and money.

Re:At first glance,homesecurity looks like a cash (1)

dgatwood (11270) | 1 year,23 days | (#43278809)

The cost for web cams and 100' USB cables is like 20$. ... Home security looks like a cash cow at first glance, what am I missing besides lawyer stuff?

Besides the fact that you'll need special hardware to extend USB past 5 meters (about 16 feet), and the fact that the extenders alone will eat that $20?

oblig xkcd (0)

Anonymous Coward | 1 year,23 days | (#43279935)

Home security looks like a cash cow at first glance, what am I missing besides lawyer stuff?

So you're saying you're 5 years [xkcd.com] from release?

anyone have links to the actual presentation? (0)

Anonymous Coward | 1 year,23 days | (#43278191)

Does anyone have a link to the actual presntation or paper? the linked article is just a sensationalist summary.

While I know it's trivial to secure my camera by just turning off wifi when I'm not using it, I am intersted in what they were able to do.

Re:anyone have links to the actual presentation? (0)

Anonymous Coward | 1 year,23 days | (#43278931)

Don't bother viewing the original presentation. The whole shit depends on the user NOT using any form of wireless encryption. Unless I missed something seriously god damned important. ( possible, but not, I hope, too likely. Go lose 60 minutes of YOUR life if you want to be sure. Alcohol may have slightly impaired my abilities. Fuck me if it has. ) While there is a valid scenario, it is really a bullshit article, IMO. http://www.net-security.org/secworld.php?id=14651 [net-security.org] and http://www.youtube.com/watch?feature=player_embedded&v=u7RjJNLnWF8 [youtube.com]\ Photog uses it out of the box, solo. Yup, plausible. Stupid photog, non-important shoot. EndUsers are idiots. No damage. ( well, you know.. ) Photog uses it out of the box, solo. Yup, plausible. Editor uses photos and cares not for source accuracy. EndUsers are idiots. No damage. ( well, you know.. ) Photog uses it out of the box, solo. Yup, plausible. Editor looks at photos and says "WTF" No damage. ( well, you know.. ) Photog uses it out of the box with assistant. "Hey John, Why TF are no photos showing up on our laptop?" Assistant resets connection to camera, calls cops, and/or security, and/or whatever, when it happens over and over. Or better yet, turns off wireless and uses the Spare CF cards that EVERY FRIGGIN PHOTOG CARRIES NEXT TO HIS BALLS to take pics. Uses them to take pics and sends those to his publisher. ( Looking at all of them BEFORE he sends them, if he is fucking 10% clueful. ) Oh yeah, the PUBLISHER LOOKS AT THE PHOTOS ALSO - BEFORE USING THEM. Need I go on? Attack mitigated... FFS Sure, there are scenarios here where this could be a problem. Are any of those scenarios useful if your name is not Ethan Hunt? What is the range of this attack, and the probability of success? I'll shut up now.... Posting anon cause i am a serious asshole. Fuck you all.

Re:anyone have links to the actual presentation? (0)

Anonymous Coward | 1 year,23 days | (#43278939)

And FUCK slashdot not respecting my fucking CRLF when I am drunk off my ass at 2 fucking am fucking PST FFS


Fucking br, really?
Holy Shit, Pass the Aspirin

Was this via Canon or 3rd Party Adaptor? (1)

Anonymous Coward | 1 year,23 days | (#43278287)

I have a 1Dx, and it doesn't come by default with wireless (just gigabit ethernet). Or GPS. You can buy the super expensive Canon adaptors or eyefi adaptors for way cheaper, but the article is pretty light to determine risk. As noted above - mostly concerned will be sports and events photographers who have a workflow involving wireless transmission / post processing, who actually have added the hardware and turned it on.

I th4nk you for your time (-1)

Anonymous Coward | 1 year,23 days | (#43278461)

develo4ment 8odel

Proven? Uh. This was proven a while ago! (0)

Anonymous Coward | 1 year,23 days | (#43278503)

I've seen people showing off footage pulled, in real time, from wifi camera systems IN BANKS up to ten years ago!

All these guys did was turn it into a presentation at Shmoocon.
Nothing new here.

Not unexpected but... (4, Informative)

m.dillon (147925) | 1 year,23 days | (#43278739)

Not unexpected, but its kinda hard to take candid photos from a hijacked camera when the lens cap is on. And those WIFI systems are not generally left on anyhow.

I don't understand why they used a 1Dx though, which would require an external WIFI adapter to even have a WIFI capability. I would be more interested in penetration testing something like the Canon 6D which has the WIFI built-in. I fully expect there to be holes, Canon's WIFI software has always been quite primitive and even the new stuff is still quite primitive.

But if we make enough noise and Canon will fix it in a software update.

Currently I only use the 6D's built-in WIFI to be able to review pictures in-camera from an android tablet... quite a useful feature. I'm not particularly worried about hijacking there since the Camera's WIFI transmitter has rather limited range. And most of the time the WIFI is turned off anyway since it eats the battery otherwise.

-Matt

Re:Not unexpected but... (1)

thegarbz (1787294) | 1 year,23 days | (#43279301)

Not unexpected, but its kinda hard to take candid photos from a hijacked camera when the lens cap is on.

Key point right there. Most DSLRs when not in use spend their time in camera bags with lens caps securely fastened.
Even if they weren't there's no way to point these devices so you're likely to only get a picture of a wall or something similar.

Even if they were stored with the lenscaps off, and even if they were pointed in the right direction, and even if the zoom happens to be set in the right position the action of engaging autofocus and the resulting beep and AF assist lighting coming on, not to mention the resulting loud clang of the mirror flipping up will likely alert a person they are being spied on.

This isn't like a laptop webcam. If you wanted to spy on someone this would be the last vector of attack you'd choose.

Re:Not unexpected but... (2)

djmurdoch (306849) | 1 year,23 days | (#43279571)

Lots of cameras have microphones. Those work with the lens cap on. For example, the Canon EOS M has a stereo mic and WiFi. Since it doesn't have a hideaway lens, it would be easy to forget to turn it off when you put it away -- I do that a lot with my DSLR.

Re:Not unexpected but... (1)

thegarbz (1787294) | 1 year,22 days | (#43290089)

You're assuming the hack allows low level hardware interaction. It doesn't, it only allows you to control camera function. So to engage the microphone the Canon 1Dx would make a satisfying clank when it switches to video recording mode and flips up the mirror.

Yes it may be more discrete to do with a point and shoot or the crappy M series, but this is still a massively roundabout way of invading someone's privacy. I don't see this action ever being a rampant problem.

Sounds like fun (1)

viperidaenz (2515578) | 1 year,23 days | (#43278839)

You'd be able to steal nudie pics taken in private from outside the studio/house.

Re:Sounds like fun (1)

kwbauer (1677400) | 1 year,23 days | (#43279099)

Or just wait a day and get them after their uploaded to the internet. That way you don't do anything that could be generally construed as illegal. Well, unless your into kids. In that case, you have more serious issues to deal with.

And if you have to drive around, surreptitiously looking for unencrypted and otherwise unprotected cameras from which to pilfer nudie pics because you've "reached the end" of that particularly large back-alley of the internet, then you also have a problem and should probably seek out professional help.

Please don't escalate this exploit (1)

Anonymous Coward | 1 year,23 days | (#43279225)

Do you like live videos of bands? Then please don't do this at your local venues. I've seen all kinds of nonsense infra red signals taking over band equipment, shutting off cameras, this happens a lot more than people think. So let the band play their song in peace, and don't slam the crap out of the camera people or there won't be many more free live videos that you love. I know you all are going to do what you are going to do, but at least you now know the other side of the coin here. If all someone is doing is a video +2 , 3 camera shot, on their own dime(gas, time, camera's, editing), making it available on their own websites, and submitting to broadcast it on their own public access show, do you really want to fuck that up by being a prick?

If you want to hack the web and peoples laptop camera's, I really don't give a shit. But if you want free music, listen up, and don't become the cause of a problem, reaction, solution. The solution will be no more video pass, and lots of programmers who just say fuck it.

Good trick (2)

egcagrac0 (1410377) | 1 year,23 days | (#43279579)

managed to gain complete control of it

Aiming the camera under remote control via software is a pretty good trick. Ordinarily, you need to mount it on a pan-tilt device.

Removing the lens cap from software is another good trick. Powering the thing on remotely with batteries removed is amazing.

Yes, this is pedantic, but I'm guessing they don't have complete control of the camera. They may have control of the camera software.

Oh the horror! (1)

Diddlbiker (1022703) | 1 year,23 days | (#43280611)

Let's see... professional DSLR's to be used for spying

That's going to be hard with the camera in the camera bag, where most SLR's are when not in use. But let's assume this one's not.
That's going to be hard with the lens cap on the lens, which is the case with most SLR's that are not in use but not in the bag. But let's assume this one's not.
That's going to be hard with the camera pointing in the right direction, which is pretty hard given the form factor (vertical grip) of a "casual laying around" SLR. But let's assume for some godforsaken reason I tend to store my SLR, without a lens cap, in my living room, mounted on a tripod.
That's going to be pretty hard, unless I have *exactly* the right lens mounted on my camera. Ok, so let's assume that I randomly leave my SLR in my living room, mounted on a tripod, with wide angle lens mounted on it, pointing in the right direction.
That's going to be pretty hard, unless I happen to have it focused on whatever I want to see. Ok, granted, hyperfocal distance on WA lenses is pretty short. But still.
That's going to be pretty hard. Because even though my professional SLR, mounted casually on a tripod in my living room, capturing most of that room, set to hyperfocal distance, without a lens cap, is ready to go, keeping it on "live view" is going to run the battery down pretty seriously, even with the serious batteries those flagship cameras have. You're not going to take pictures in regular SLR mode, right? Because you will hear the shutter on a camera like that. So battery sucking, sensor overheating live view it is.

Mmmh. I guess it's a risk. I always have my SLR with the lens cap off, wide angle lens, covering the entire room, hyperfocal distance, camera on, tethered into a power plug. Wait. If I have my camera tethered in, then why wouldn't I also be tethering it to my PC. Why is it that wireless is a risk? If we're going to make all these half-ass assumptions about using an SLR for spying, why not assume it's hooked up to a computer with a cable? We might as well.
I don't think *wireless* is going to be that much of a security risk.

What an oversight... (1)

houbou (1097327) | 1 year,23 days | (#43281903)

One would think that the moment you mentioned 'wi-fi' and any other tech, that, hacking and therefore protection from hacking would be a priority .. you know.. ensuring your product's integrity? Nah..
Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...