Almost every recent higher class DSLR camera features multiple and complex access technologies. For example, CANON's new flagship features IP connectivity both wired via 802.3 and wireless via 802.11. All big vendors are pushing these features to the market and advertise them as realtime image transfer to the cloud. We have taken a look at the layer 2 and 3 implementations in the CamOS and the services running upon those.
Not only did we discover weak plaintext protocols used in the communication, we've also been able to gain complete control of the camera, including modification of camera settings, file transfer and image live stream. So in the end the "upload to the clouds" feature resulted in an image stealing Man-in-the-Imageflow. We will present the results of our research on cutting edge cameras, exploit the weaknesses in a live demo and release a tool after the presentation.
ABOUT DANIEL MENDE
Daniel Mende is a German security researcher specialized on network protocols and technologies. He's well known for his Layer2 extensions of the SPIKE and Sulley fuzzing frameworks, the famous Layer3 attacking toolkit Loki and has presented on protocol security at many occasions including Troopers, Blackhat, CCC, and ShmooCon. Usually he releases a new tool when giving a talk.
Uploader: Hack In The Box Security Conference