(news & commentary)
I’ve been waiting for this one.
With all the camera makers exploring NFC, WiFi, and even Ethernet (D4) connections to try to play in the smartphone fields, the question has always been how secure those communications systems are being programmed. Nikon, for example, uses a dedicated Linux server in the D4: can I get to it and receive information from it or redirect it?
In Germany we have the first indication of the answer, specifically with the Samsung NX300, but I’ll just say without revealing any details that this applies to far more cameras than the NX300. Bottom line: if you use the communication capabilities of any recent camera, you may be broadcasting hackable information about your location, your network, and you may be prone to having someone download something to your camera unknowingly.
It took the operating system companies years to get fully behind promoting security in their products, more years for the application providers to do so, and now we have even more products trying to fulfill the Internet Everywhere premise that are programmed in shaky fashion.
So what do you do?
- The good news about the D4’s Ethernet server is that you’d need physical access to hack it. I’m not much worried about what happens in my studio, though I would restrict physical network access to others (i.e. have a separate and secured Guest network).
- If you’re using WiFi/NFC connections only at home, you’re probably fine. It would pay to periodically check who’s connected to your network via either your router’s basic facilities or a software product like Scany (iOS App Store). But if you’re not seeing unknown connections to your network, the likelihood of a drive-by attack is low. Secure your network with a WPA2 password. If you live in a dense neighborhood (big apartment building, row homes, etc.) you need to be more worried than if you live in suburbia on a big lot.
- If you’re using WiFi/NFC connections in the total wild (backcountry, remote areas, etc.) I wouldn’t overly worry. If you can’t see anyone else, there probably isn’t anyone who can connect to your camera/smartphone WiFi.
- Just don’t use the WiFi/NFC connections. Leave them off.
I’m sure there are folk at the NSA that are looking at all these camera implementations and finding plenty of vulnerabilities to exploit. The problem for the rest of us is that most of us don’t have the tools, time, and/or expertise to be poking around in the code the camera companies are creating. Thus, we’re all going to find out about an exploit after it actually happens.