Regarding the security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions.

Update: 02/13/2020

Thank you very much for using Canon products.

An international team of security researchers has drawn our attention to a vulnerability related to communications via the Picture Transfer Protocol (PTP), which is used by Canon digital cameras, as well as a vulnerability related to firmware updates.
(CVE-ID:CVE-2019-5994, CVE-2019-5995, CVE-2019-5998, CVE-2019-5999, CVE-2019-6000, CVE-2019-6001)

Due to these vulnerabilities, the potential exists for third-party attack on the camera if the camera is connected to a PC or mobile device that has been hijacked through an unsecured network.

At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm, but in order to ensure that our customers can use our products securely, we would like to inform you of the following workarounds for this issue.

  • Ensure the suitability of security-related settings of the devices connected to the camera, such as the PC, mobile device, and router being used.
  • Do not connect the camera to a PC or mobile device that is being used in an unsecure network, such as in a free Wi-Fi environment.
  • Do not connect the camera to a PC or mobile device that is potentially exposed to virus infections.
  • Disable the camera’s network functions when they are not being used.
  • Download the official firmware from Canon’s website when performing a camera firmware update.

Models Affected

These vulnerabilities affect the EOS-series digital SLR and mirrorless cameras PowerShot SX740 HS, PowerShot SX70 HS, PowerShot G5X Mark II.


Firmware Update

There is an increased use of PCs and mobile devices in an unsecure (free Wi-Fi) network environment where customers are not aware of the network security. As it has become prevalent to transfer images from a camera to a mobile device via Wi-Fi connection, we will implement firmware updates for the following models that are equipped with the Wi-Fi function.

Model

Estimated Firmware availability

EOS-1D X*1*2

Version 1.2.1 is available for download

EOS-1D X Mark II*1*2

Version 1.1.7 is available for download

EOS-1D C*1*2

Version 1.4.2 is available for download

EOS 5D Mark III*1

Version 1.3.6 is available for download

EOS 5D Mark IV

Version 1.2.1 is available for download

EOS 5DS*1

Version 1.1.3 is available for download

EOS 5DS R*1

Version 1.1.3 is available for download

EOS 6D

Version 1.1.9 is available for download

EOS 6D Mark II

Version 1.0.5 is available for download

EOS 7D Mark II*1

Version 1.1.3 is available for download

EOS 70D

Version 1.1.3 is available for download

EOS 77D

Version 1.0.3 is available for download

EOS 80D    

Version 1.0.3 is available for download

EOS M10

Version 1.1.1 is available for download

EOS M100

Version 1.0.1 is available for download

EOS M3

Version 1.2.1 is available for download

EOS M5

Version 1.0.2 is available for download

EOS M50

Version 1.0.3 is available for download

EOS M6

Version 1.0.1 is available for download

EOS M6 Mark II

Version 1.0.1 is available for download

EOS R

Version 1.4.0 is available for download

EOS RP

Version 1.3.0 is available for download

EOS Rebel SL2

Version 1.0.3 is available for download

EOS Rebel SL3

Version 1.0.2 is available for download

EOS Rebel T6

Version 1.1.1 is available for download

EOS Rebel T6i

Version 1.0.1 is available for download

EOS Rebel T6s

Version 1.0.1 is available for download

EOS Rebel T7

Version 1.1.1 is available for download

EOS Rebel T7I

Version 1.0.2 is available for download

PowerShot G5X Mark II

TBD

PowerShot SX70 HS

Version 1.1.1 is available for download

PowerShot SX740 HS

Version 1.0.2 is available for download

 

*1These models require a WiFi adapter or a Wireless File Transmitter to support WiFi connectivity.

*2Ethernet connections can also permit these vulnerabilities.

Firmware update information will be provided for each product.


Support

If you have not already done so, please register your Canon Product. By registering, we will be able to notify you via email about future announcements.

This information is for residents of the United States and its five territories only. If you do not reside in the USA or its five territories, please contact the

Canon Customer Support Center in your region. 

Thank you,
Customer Support Operations
Canon U.S.A., Inc.

 
 
Contact Information for Inquiries 
Canon Customer Support Center
Phone: 1-800-OK-CANON
  1-800-652-2666
TDD:
1-855-270-3277
Email: carecenter@cits.canon.com
For additional support options:  www.usa.canon.com/support

 

GET SUPPORT
Need help with your product? Let us help you find what you need.
Product Support
NEED IT FIRST
Sign up for up-to-the-minute Canon News, Sales and Deals.
LEARN WITH CANON
Discover great new ways to enjoy your products with exclusive articles, training and events.
Learn more