Product Advisories

Print This PageEmail This Page

Service Notice: Regarding the security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions

Thank you for using Canon products.

Phenomenon
An international team of security researchers has drawn our attention to a vulnerability related to communications via the Picture Transfer Protocol (PTP), which is used by Canon digital cameras, as well as a vulnerability related to firmware updates.
(CVE-ID:CVE-2019-5994, CVE-2019-5995, CVE-2019-5998, CVE-2019-5999, CVE-2019-6000, CVE-2019-6001)

Due to these vulnerabilities, the potential exists for third-party attack on the camera, if the camera is connected to a PC or mobile device that has been hijacked through an unsecured network.

At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm, but in order to ensure that our customers can use our products securely, we would like to inform you of the following workarounds for this issue.
  • Ensure the suitability of security-related settings of the devices connected to the camera, such as the PC, mobile device, and router being used.
  • Do not connect the camera to a PC or mobile device that is being used in an unsecure network, such as in a free Wi-Fi environment.
  • Do not connect the camera to a PC or mobile device that is potentially exposed to virus infections.
  • Disable the camera’s network functions when they are not being used.
  • Download the official firmware from Canon’s website when performing a camera firmware update.

Affected Products
These vulnerabilities affect the EOS-series digital SLR and mirrorless cameras PowerShot SX740 HS,PowerShot SX70 HS,PowerShot G5X Mark II.

Support
There is an increased use of PCs and mobile devices in an unsecure (free Wi-Fi) network environment where customers are not aware of the network security. As it has become prevalent to transfer images from a camera to a mobile device via Wi-Fi connection, we will implement firmware updates for the following models that are equipped with the Wi-Fi function.

ModelEstimated Firmware availability
EOS-1D X*1*2TBD
EOS-1D X Mark II*1*2TBD
EOS 5D Mark III*1TBD
EOS 5D Mark IVTBD
EOS 5DS*1TBD
EOS 5DS R*1TBD
EOS 6DTBD
EOS 6D Mark IITBD
EOS 7D Mark II*1TBD
EOS 70DTBD
EOS 80DVersion 1.0.3 is available for download
EOS M100TBD
EOS M50TBD
EOS RTBD
EOS RPTBD
EOS Rebel SL2TBD
EOS Rebel SL3TBD
EOS Rebel T6TBD
EOS Rebel T6iTBD
EOS Rebel T6sTBD
EOS Rebel T7TBD
EOS Rebel T7iTBD
EOS Rebel T100TBD
PowerShot G5X Mark IITBD
PowerShot SX70 HSTBD
PowerShot SX740 HSTBD


*1. These models require a WiFi adapter or a Wireless File Transmitter to support WiFi connectivity.
*2. Ethernet connections can also permit these vulnerabilities.

Firmware update information will be provided for each product.

Contact Information
Should you have any questions about the announcement, please contact the Authorized Service Facility in your area or you may contact the Call Center within your region.