There is a PTP command for a firmware update process and it requires no user interaction from the owner of the camera. This means that an attacker with the ability to forge a malicious firmware update file will be able to compromise the camera without the user’s consent.

In addition, Canon’s firmware update files are signed using symmetric cryptography based on a single key that is shared between all of the cameras, instead of using asymmetric cryptography. An attacker that will successfully extract the keys from any camera, will be able to forge such a malicious firmware update file that will get accepted by all other cameras.