Paparazzi over IPSome modern digital cameras are specifically included WiFi-transmitter and remote access interface.

This is to ensure that the owner of the camera could put it in a convenient place, such as in the bushes, and the control shooting with a comfortable chair, getting shot photos on my laptop on WiFi. Indeed, it is very convenient. But in this configuration, the camera is vulnerable to unauthorized access.

German security experts Daniel Mende and Pascal Turbing by ERNW company made a few days ago, spoke at the conference Shmoocon in 2013 with the report “Paparazzi over IP” the video report below, the performance itself begins with a 2:30.

Hackers have shown in the case of digital cameras Canon EOS-1D X, it is easy to make a spy camera in the device. The camera is so open to external control, which allows you to not just download all the pictures and completely given to the management of each counter. This model has built-in gigabit Ethernet card and module WiFi, it runs on a standard TCP / IP (IPv6 support is not available).

The camera can easily flood the ARP-requests: just 100 requests per second. More interesting things are happening on the service level, since the camera has built-in Web server, FTP, DLNA and control software, which can be accessed from the outside. Credentials to the FTP transmitted in plain text, the rest of the traffic is not encrypted, too: photos you can catch regular sniffer directly from radio. Accessible via DLNA-existent no authentication and no restrictions.

Built-in Web server only understands HTTP GET, is responsible for everything else 404. Authentication is a standard method of HTTP Basic (RFC 2617), and session cookies look so: sessionID = 40b1, that is only 4 bytes long.