ID
VAR-201012-0373
TITLE
Canon Digital Camera HMAC Unauthorized Access Vulnerability
Trust: 0.6
DESCRIPTION
Canon EOS is a series of digital SLR cameras released by Canon. The mid- to high-end Canon digital camera has an \"Original Decision Data\" (ODD) function, which is a digital signature that can be used to verify that the photo has been changed or that the data time stamp or GPS data coordinates have changed. However, defects in digital signatures can lead to forgery. The second version of the Canon ODD system has a HMAC code of 256 bits. The problem is that the HMAC in Canon RAM exists in a confusing form and can be extracted. According to the Sklyarov report, the HAMC can be extracted from the Canon FLASH ROM and manually confusing. This problem is a design flaw that cannot be fixed. According to Sklyarov, he has been from EOS 20D, EOS 5D, EOS 30D, EOS 40D, EOS 450D, EOS 1000D, EOS 50D, EOS 5D Mark II, EOS 500D and EOS 7D series. Extract the HMAC key. An attacker can use these keys to modify a photo file without authorization. Multiple Canon digital cameras are prone to a vulnerability that may allow for the undetected modification of images
Trust: 0.81
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | canon | model: | eos 1000d | scope: | - | version: | - | Trust: 0.6 |
| vendor: | canon | model: | eos 20d | scope: | - | version: | - | Trust: 0.6 |
| vendor: | canon | model: | eos 40d | scope: | - | version: | - | Trust: 0.6 |
| vendor: | canon | model: | eos 450d | scope: | - | version: | - | Trust: 0.6 |
| vendor: | canon | model: | eos 500d | scope: | - | version: | - | Trust: 0.6 |
| vendor: | canon | model: | eos 50d | scope: | - | version: | - | Trust: 0.6 |
| vendor: | canon | model: | eos 5d | scope: | - | version: | - | Trust: 0.6 |
| vendor: | canon | model: | eos 5d mark i i | scope: | - | version: | - | Trust: 0.6 |
| vendor: | canon | model: | eos 7d | scope: | - | version: | - | Trust: 0.6 |
| vendor: | canon | model: | eos 7d | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | canon | model: | eos 5d mark ii | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | canon | model: | eos 5d | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | canon | model: | eos 50d | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | canon | model: | eos 500d | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | canon | model: | eos 450d | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | canon | model: | eos 40d | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | canon | model: | eos 20d | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | canon | model: | eos 1000d | scope: | eq | version: | 0 | Trust: 0.3 |
THREAT TYPE
local
Trust: 0.3
TYPE
Unknown
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 45106 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2010-2979 | Trust: 0.6 |
REFERENCES
| url: | http://www.networkworld.com/news/2010/113010-analyst-finds-flaws-in-canon.html | Trust: 0.9 |
| url: | http://www.canon.com/ | Trust: 0.3 |
CREDITS
Dmitry Sklyarov
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2010-2979 |
| db: | BID | id: | 45106 |
LAST UPDATE DATE
2022-05-17T01:46:46.462000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2010-2979 | date: | 2010-12-01T00:00:00 |
| db: | BID | id: | 45106 | date: | 2010-11-30T17:05:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2010-2979 | date: | 2010-12-01T00:00:00 |
| db: | BID | id: | 45106 | date: | 2010-11-30T00:00:00 |