Samsung NX300 Gets Hacked – Will Run Any Linux App

nx-300-rooted1

We have seen some major cameras get hacked and it usually makes them better. Magic Lantern made Canon better, Nikon Hacker added functions to Nikon, and Ptool added video Codex for Panasonic. Now it is the time for Samsung camera to get hacked.

Finally after a year and a half in the wild the NX300 got rooted. Getting rooted means gaining administrative rights to the camera and practically running any program on it.

Developer Georg Lukas went ahead and played with his new NX300, but he did not play with it like a photographer would, he played with it like an IT consultant would exposing the camera security weaknesses (of which he found quite a few).

nx300_teddyAmong the exploits that Georg found are

  • Using NFC to trigger any application he wished
  • Realizing that with every start o the camera, Samsung obtains its geographical data
  • The camera runs an X11 as an open service, this means that the anyone can send any data they want to the camera screen – see the cute Georg sent it a few lines up.
  • Sadly, also the Key binding for the X11 are open which means that anyone can send fake key strokes to the camera.
  • Finally Georg managed to Root the camera

What is Rooting a Camera and Why it Matters?

In the essence, rooting a device means gaining complete control over it. Georg rooted it by discovering that the camera always tries to run a specific file from the SD card and gave the camera a file with some instructions to make him the master.

So after Georg Rooted his NX300, he can basically run any command or program from the camera. This could be interesting in two very opposing scenarios:

The good scenario – The open source community improves the NX300

We know this scenario, we’ve been this path before with Magic Lantern, Nikon Hacker and Ptool. All proved to be great resources for photographers who wanted to get more of their gear than what the manufacturer allowed them. Either by deliberately blocking features, or simply not implementing what the community wanted.

Sadly, even rooting a camera is not the final outcome for such hackery. It is only the first step. The core functions of the camera are hidden inside a binary blub (for non techies this means that the code is there, but it is written in its purest form – a  bunch of 1′s and 0′s so you can’t really understand it or what it does).  But it does mean that this blub of code can be explored. This is how all firmware hackery began. I would love to see the same power of Magic Lantern brought into Samsung cameras.

The scary scenario – Your Camera is a backdoor

With the camera being so unsecured on one hand and having access to your home network on the other, it can be used by clever hackers to obtain access to otherwise protected data. One trivial scenario is to ‘digitally hijack’ the camera while the photographer is out of the house, than inject a Trojan virus to his home. Another trivial hack would be to simply browse all the pictures on a given camera without the owner ever knowing it.

Which will it be? I hope the first option.

[Hacking the Samsung NX300, part 2: Get Root via Hackaday]

  • https://www.facebook.com/michaelgara Michael Gara

    I hear the 5DmkIV is going to have 2048 pre-installed! :)

  • tooning

    Excellent news for the Samsung NX system if we can have some “magic lantern” kind of hacks .

  • Marco -

    I’d be happy if they could port the remote evf pro app to nx300 from nx30, considering that samsung does not do that to try and sell the nx30…