Thursday, March 28, 2013

Hackers steal photos, turn Wi-Fi cameras into remote surveillance device

Electronic manufacturers need to start putting some real thought into securing the devices and protecting privacy!

With so many people seizing the convenience of using their smartphone cameras to point, shoot and share, embedded GPS location and all, digital camera manufacturers have been offering more "social" options such as built-in Wi-Fi capabilities and camera apps to quickly share photos and videos.

In fact, if a digital single-lens reflex (DSLR) camera isn't Wi-Fi enabled, some photographers go the Wi-Fi SD card route and others create hacks to give that camera wireless file transfer capabilities.

While there have been plenty of researchers working on ways to exploit smartphones for remote spying, such as the scary PlaceRaider, an Android app that remotely exploits the camera and secretly snaps a picture every two seconds, there has not been as much research into exploiting DSLR Wi-Fi-enabled cameras. However, security researchers from ERNW changed that by showing how to exploit vulnerabilities in order to steal photos and turn a DSLR camera into a spying device.

In the presentation Paparazzi over IP, Mende and Turbing explained that there are four ways that the Canon EOS-1D X can communicate with a network via FTP, DLNA (Digital Living Network Alliance), WFT (Wireless File Transmitter) and the EOS Utility Mode.

They were able to attack and exploit all four, saying, "Not only did we discover weak plaintext protocols used in the communication, we've also been able to gain complete control of the camera, including modification of camera settings, file transfer and image live stream. So in the end the 'upload to the clouds' feature resulted in an image stealing Man-in-the-Imageflow."


Refer here to read further details.

No comments: