Vulnerabilities Affected Canon's Digital Cameras

6th August 2019

Regarding the security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions.

Thank you very much for using Canon products.

An international team of security researchers has drawn our attention to a vulnerability related to communications via the Picture Transfer Protocol (PTP), which is used by Canon digital cameras, as well as a vulnerability related to firmware updates. (CVE-ID: CVE-2019-5994, CVE-2019-5995, CVE-2019-5998, CVE-2019-5999, CVE-2019-6000, CVE-2019-6001)

Due to these vulnerabilities, the potential exists for third-party attack on the camera if the camera is connected to a computer or mobile device that has been hijacked through an unsecured network.

At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm, but in order to ensure that our customers can use our products securely, we would like to inform you of the following security precautions:

• Ensure the suitability of security-related settings of the devices connected to the camera, such as the computer, mobile device, and router being used.
• Do not connect the camera to a computer or mobile device that is being used in an unsecure network, such as in a free Wi-Fi environment.
• Do not connect the camera to a computer or mobile device that is potentially exposed to virus infections.
• Disable the camera’s network functions when they are not being used.
• Download the official firmware from Canon’s website when performing a camera firmware update.

Models affected by the vulnerabilities

EOS-1D X ※2 EOS 750D EOS M3
EOS-1D X Mark II ※2 EOS 800D EOS M5
EOS-1D C ※2 EOS 200D EOS M6
EOS 5D Mark III ※1 EOS 200D II EOS M10
EOS 5D Mark IV EOS 760D EOS M100
EOS 5DS ※1 EOS 77D EOS M50
EOS 5DS R ※1 EOS 1300D PowerShot SX70 HS
EOS 6D EOS 1500D PowerShot SX740 HS
EOS 6D Mark II EOS 3000D PowerShot G5X Mark II
EOS 7D Mark II ※1 EOS R EOS 80D
EOS 70D EOS RP

These vulnerabilities affect the EOS-series digital SLR and mirrorless cameras, and the PowerShot SX740 HS, PowerShot SX70 HS, PowerShot G5X Mark II digital compact cameras.

Firmware update

There is an increased use of computers and mobile devices in an unsecure (free Wi-Fi) network environment where customers are not aware of the network security. As it has become prevalent to transfer images from a camera to a mobile device via Wi-Fi connection, we will implement firmware updates for the following models that are equipped with the Wi-Fi function.

※1 If a Wi-Fi adapter or a Wireless file transmitter is used, Wi-Fi connection can be established.

※2 Ethernet connections are also affected by these vulnerabilities.

Firmware update information will be provided for each product in turn starting from products for which preparations have been completed.

Share this page