Samsung 'Smart' Camera Easily Hackable

An anonymous reader writes "The op-co.de blog has a post about the incredibly poor job Samsung did securing its new NX300 'smart camera.' One of the camera's primary features is that it can join Wi-Fi networks — this lets it upload photos, but it also lets you use your smartphone to access the photos on the camera directly. You can also connect with NFC. Unfortunately, the way they set it up is extremely insecure. First, there's an NFC tag that tells the camera where to download the app, and also the name of the access point set up by the camera. 'The tag is writable, so a malicious user can easily 'hack' your camera by rewriting its tag to download some evil app, or to open nasty links in your web browser, merely by touching it with an NFC-enabled smartphone.' Things aren't much better with Wi-Fi — a simple port scan reveals that the camera is running an unprotected X server (running Enlightenment). When the camera checks for new firmware, it helpfully reports your physical location. Its software also sets up unencrypted access points."

I'm Safe.

I have this camera but it can't be hacked. I live in Denver, which is in the AFC.

Re:Is this really likely to happen?

[jeffmflanagan]

>I've never seen one of these cameras and I doubt many other people have either.
Agreed.

>Nor does it seem likely that there are hackers standing by to "touch" the powered up, wifi connected camera
Agreed.

>And when all is said a relatively trivial patch would correct the issue.
Yes, but it should have been secure out of the box. Many manufacturers don't give a lot of thought to security, and that needs to change. If someone can own your camera over their WiFi, they can load an app that gives them access to YOUR WiFi when you get home. That's pretty serious.

X11 you say?

[mx_mx_mx]

This would be pure awesomeness to show goatse on the screen of the camera to unsuspecting viewer while he aims for the shot....

As if Canon/Nikon do this better

[SirJorgelOfBorgel]

While this camera should of course be more secure - what exactly are we comparing it to ?

Do you think your Canons and Nikons are safe? Lots of models allow remote control using either USB or Wi-Fi. USB requires a cable from your smartphone running the malicious software, while Wi-Fi obviously does not. For Wi-Fi you need to get past the encryption, but the joke is, lots of people actually run their camera's Wi-Fi without encryption (surprisingly, some photo blogs advise it for ease of use). You're still not home free though as there's a pairing process when Wi-Fi is used, but if the camera owner's smartphone is active on Wi-Fi (not necessarily even the same network - just turned on), this is not hard to beat either.

If you can get connected to these cameras either via USB (completely unprotected) or Wi-Fi, it is not just possible to manipulate, retrieve, replace, wipe, etc all images present, you can fully control the camera's settings and even send malformed commands to completely disable the camera, only to be (potentially - it depends on the model) revived by a Canon/Nikon repair center. This while most users think the worst that can happen is someone copying their pictures ...

You think the NX300 is bad? Consider that pretty much nobody owns an NX300, while virtually all photojournalists active in countries with questionable rights to free speech have one of these affected Canons and Nikons ...