We worry about security on our computers, phones, and tablets. But with Wi-Fi popping up on other devices such as cameras, we forget that they, too, could be vulnerable. While we haven’t seen any real-world examples of attacks, two security researchers with German IT consulting firm ERNW, Daniel Mende and Pascal Turbing, recently tested out the theory to see if such attacks are possible with Wi-Fi-enabled cameras, whether the wireless feature is built-in, through a dongle, or a SD card like the Eye-Fi. The two spoke about their exploits at the recent Schmoocon 2013 hacker convention; Net Security covered the hour-long talk and provided a video of the speech (see below).
The researchers used a Canon EOS-1D X DSLR to examine the wired and wireless networking capabilities (shown above and right with wireless adapter). They hacked into every opening that the camera allowed, and Mende and Turbing found a range of activities that hackers could partake in, once they find their way into your camera. For example, hackers could access the camera’s photos and save them for their own purposes. They can also leave photos on the camera that you didn’t take. How embarrassing it would be when you’re showing friends and family snaps from your photo shoot or recent vacation and some explicit images pop onto the screen!
The test found that hackers could pretty much take control of the camera once they gain access. This means they can also take pictures or a video of you, or whatever the camera sees through its lens, and the user may never suspect something is wrong.
Before we jump to conclusions and put our Wi-Fi cameras under lockdown, this all needs to be taken into perspective. To the researcher’s knowledge, hacking into cameras has never been done, except by them. Plus, the camera has to be on, and the Wi-Fi dongle has to be attached or the built-in Wi-Fi enabled.
On a positive note, the ability to hack into the camera has some uses as well. You can hack into your own camera in order to take photos remotely, or take some interesting self-portraits or low-light photography with long exposures. Remote access can also allow a photographer to set up a time-elapsed photo program. Whether for good or bad, the research findings show that this is just the beginning, and may be something for us to be cautious about.
Check out the video on how Mende and Turbing were able to hack into the camera.