Canon has issued a global security advisory relating to Canon digital cameras which feature the Picture Transfer Protocol (PTP) communication system. It’s a pretty long list of 32 cameras, including popular DSLRs like the 5D Mark III, 5D Mark IV, 6D and 6D Mark II, as well as their full-frame mirrorless cameras, the EOS R and EOS RP.
Essentially, as demonstrated in the above video, the exploit would allow an attacker to break into the camera’s file system on the SD card over WiFi and encrypt the user’s files. It then displayed a message on the screen stating that the files would be unlocked after a ransom is paid. Check Point says they notified Canon of the vulnerability back in March and the two companies have been working together in order to help resolve it since then.
The advisory reads…
An international team of security researchers has drawn our attention to a vulnerability related to communications via the Picture Transfer Protocol (PTP), which is used by Canon digital cameras, as well as a vulnerability related to firmware updates.
（CVE-ID: CVE-2019-5994, CVE-2019-5995, CVE-2019-5998, CVE-2019-5999, CVE-2019-6000, CVE-2019-6001）
Due to these vulnerabilities, the potential exists for third-party attack on the camera if the camera is connected to a PC or mobile device that has been hijacked through an unsecured network.
At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm, but in order to ensure that our customers can use our products securely, we would like to inform you of the following workarounds for this issue.
- Ensure the suitability of security-related settings of the devices connected to the camera, such as the PC, mobile device, and router being used.
- Do not connect the camera to a PC or mobile device that is being used in an unsecure network, such as in a free Wi-Fi environment.
- Do not connect the camera to a PC or mobile device that is potentially exposed to virus infections.
- Disable the camera’s network functions when they are not being used.
- Download the official firmware from Canon’s website when performing a camera firmware update.
Please check the Web site of the Canon sales company in your region for the latest information regarding firmware designed to address this issue.
The complete list of cameras is not mentioned on the global advisory, however, they are listed on an alert on the Canon UK website.
These vulnerabilities affect the following EOS-series digital SLR and mirrorless cameras:
EOS-1DX*1 *2 EOS 6D Mark II EOS 760D EOS M5 EOS-1DX MK II*1 *2 EOS 7D Mark II*1 EOS 77D EOS M6 EOS-1DC*1 *2 EOS 70D EOS 1300D EOS M10 EOS 5D Mark IV EOS 80D EOS 2000D EOS M100 EOS 5D Mark III*1 EOS 750D EOS 4000D EOS M50 EOS 5DS*1 EOS 800D EOS R PowerShot SX70 HS EOS 5DS R*1 EOS 200D EOS RP PowerShot SX740 HS EOS 6D EOS 250D EOS M3 PowerShot G5X Mark II
*1 If a WiFi adapter or a Wireless file transmitter is used, WiFi connection can be established.
*2 Ethernet connections are also affected by these vulnerabilities.
Firmware update information will be provided for each product in turn starting from products for which preparations have been completed.
So far, a firmware update for the Canon EOS 80D has been released to address the issue.
If you own one of the other affected cameras, you’ll want to keep checking back for new firmware updates.