Almost every recent higher class DSLR camera features multiple and complex access technologies. For example, CANON’s new flagship features IP connectivity both wired via 802.3 and wireless via 802.11. All big vendors are pushing these features to the market and advertise them as realtime image transfer to the cloud. We have taken a look at the layer 2 and 3 implementations in the CamOS and the services running upon those. Not only did we discover weak plaintext protocols used in the communication, we’ve also been able to gain complete control of the camera, including modification of camera settings, file transfer and image live stream. So in the end the “upload to the clouds” feature resulted in an image stealing Man-in-the-Imageflow. We will present the results of our research on cutting edge cameras, exploit the weaknesses in a live demo and release a tool after the presentation.
Daniel Mende is a German security researcher with ERNW GmbH and specializes in network protocols and technologies. He is well known for his Layer2 extensions of the SPIKE and Sulley fuzzing frameworks. He has also discussed new ways of building botnets and presented on protocol security at many occasions including Troopers, ShmooCon and Black Hat. He has written several tools for assessment of telecommunication networks like Pytacle, GTP-Scan, Dizzy and APNBF.