Canon Responds To IP Camera Hacks

By: IPVM Team, Published on May 30, 2018

Canon cameras made international news earlier this month, with reports of them being hacked in Japan (e.g., Hackers disable scores of Canon-made security cameras across Japan and Dozens of Canon security cameras hacked in Japan, possibly because factory default passwords weren’t changed).

Canon has responded to IPVM's request for comment, saying:

In the Canon cameras released from 2016 and onwards there is no default password preset. Users are forced to set their own administrator name and password when they first access the camera. There is no known vulnerabilities being exploited as of today.

The practical problem is that Canon cameras released before 2016 still do allow default passwords. Canon explained that:

Canon will release the upgrade firmware in June for the models released in 2015. With the new firmware, after defaulting the camera, the users need to set their own admin name and password when first accessing the camera.

However, cameras before 2015, still do not have a software update:

For the older models, released in 2014 or earlier, including VB-S800D, the solution for the customer is now under investigation.

On the other hand, since the issue is default passwords and since the cameras were deployed many years ago, a software update is not necessary to fix as much as simply going in and changing the default password.

Last year, Hikvision experienced a similar issue, though at far greater scale: Hikvision Defaulted Devices Getting Hacked. Hikvision requires setting a strong password but there are large numbers of older, never updated devices that still use default passwords.

Axis Overtaking Canon In Surveillance

Since the 2015 acquisition of Axis by Canon, Axis has effectively taken over Canon's video surveillance outside of Japan (see Axis Takes Over Canon Surveillance Sales and Marketing). As such, new releases and overall Canon IP camera offerings have been relatively muted compared to Axis'.

Default Passwords Vs Backdoors

Default passwords differ from backdoors (like the Dahua backdoor of Hikvision IP camera backdoor) as the former rely on the user leaving the password default. By contrast, with backdoors, no matter how strong a password one sets, the backdoor allows admin access.

For more, see Directory of Video Surveillance Cybersecurity Vulnerabilities and Exploits.

Comments (20) : Members only. Login. or Join.

Related Reports

Axis Compares Fever Camera Sellers to 9/11 on Sep 18, 2020
Axis Communications, the West's largest surveillance camera manufacturer, has...
Alabama Schools Million Dollar Hikvision Fever Camera Deal on Aug 11, 2020
The Baldwin County, Alabama public schools purchased a $1 million, 144-camera...
Favorite Network Switches 2020 on Aug 31, 2020
Cisco has long been the gorilla of network switches but would an upstart...
Risks Of Managing End User Passwords (Statistics) 2020 on Sep 11, 2020
Alarmingly, most integrators used spreadsheets to manage passwords, IPVM...
Access Visitor Management Systems Guide on Jul 22, 2020
"Who are you, and why are you here?" Facilities that implement Visitor...
SimpliSafe Business Security Launched Examined on Sep 22, 2020
SimpliSafe has launched "SimpliSafe Business Security" that the company...
School District Admits Not Following FDA Guidelines With 144, No Blackbody, Hikvision Fever Cameras on Aug 21, 2020
The Baldwin County School District has admitted it is not following FDA...
Anixter Runs Fake Coronavirus Marketing Using Shutterstock Watermarked Images on Jul 24, 2020
Coronavirus faked marketing is regrettably commonplace right now but Anixter...
Wrong Dahua Australia Medical Device Approved on Jul 20, 2020
Dahua's body temperature system is now in Australia's medical device...
WDR Cheat Sheet and Camera Tracking - 30 Manufacturers on Aug 26, 2020
Manufacturers are regularly cryptic about what WDR support they actually...
IPVM Editorial Staff on Aug 01, 2020
IPVM has the largest and most experienced editorial team covering video...
ISC News Fakes Fever Screening, Falsely Quotes FDA on Jun 18, 2020
ISC News, the Reed publication behind the ISC East and West trade shows, has...
Integrator Acquisitions 'A Good Market' During COVID-19, Says Greybeards on Jul 28, 2020
Industry broker Ron Davis of the "Greybeards" says that the integrator and...
Warning: Panasonic i-PRO Deceives About NDAA Compliance on Aug 18, 2020
IPVM has determined that Panasonic i-PRO has deceived about its NDAA...
Dahua Taunts Australian Government, Continues To Sell Illegal Fever Cameras on Aug 10, 2020
Dahua is effectively taunting the Australian government by continuing to sell...

Recent Reports

OnTech Smart Services Partners With Google and Amazon To Compete With Integrators on Sep 25, 2020
A pain point for many homeowners to use consumer security and surveillance is...
The Future of Metalens For Video Surveillance Cameras - MIT / UMass / Immervision on Sep 25, 2020
Panoramic cameras using 'fisheye' lens have become commonplace in video...
Hikvision Sues Over Brazilian Airport Loss on Sep 24, 2020
Hikvision was excluded from a Brazilian airport project because it is owned...
China General Chamber of Commerce Calls Out US Politics on Sep 24, 2020
While US-China relations are at an all-time low, optimism about relations...
Verkada Disruptive Embedded Live Help on Sep 24, 2020
Call up your integrator? Have someone come by the next day? Verkada is...
IP Networking Course Fall 2020 - Last Chance - Register Now on Sep 23, 2020
Today is the last chance to register for the only IP networking course...
Drain Wire For Access Control Reader Tutorial on Sep 23, 2020
An easy-to-miss cabling specification plays a key role in access control, yet...
Norway Council of Ethics Finds Hikvision Human Rights Abuses "Ongoing" on Sep 23, 2020
Hikvision's involvement in "serious human rights abuse" in Xinjiang is...
IPVM Camera Calculator User Manual / Guide on Sep 23, 2020
Learn how to use the IPVM Camera Calculator (updated for Version 3.1). The...
Installation Course Fall 2020 - Save $50 - Last Chance on Sep 22, 2020
This is a unique installation course in a market where little practical...
SimpliSafe Business Security Launched Examined on Sep 22, 2020
SimpliSafe has launched "SimpliSafe Business Security" that the company...
FLIR CEO: Many New Fever Entrants "Making Claims That The Science Just Won't Support" on Sep 22, 2020
FLIR's CEO joins a growing number calling out risks with fever / screening...
China Bems Temperature Measurement Terminal Tested on Sep 22, 2020
Guangzhou Bems (brand Benshi) is the manufacturer behind temperature...
Axis Exports To China Police Criticized By Amnesty International on Sep 21, 2020
Axis Communications and other EU surveillance providers are under fire from...
Milestone XProtect on AWS Tested on Sep 21, 2020
Milestone finally launched multiple cloud solutions in 2020, taking a...