DSLR Cameras Can Be Infected With Ransomware

Tip 02 Een dslr heeft een spiegelsysteem aan de binnenkant waardoor deze camera’s vrij fors zijn

Tip 02 Een dslr heeft een spiegelsysteem aan de binnenkant waardoor deze camera’s vrij fors zijn

Security vulnerabilities in popular internet-connected digital cameras could allow hackers to infect them with ransomware, rendering the devices useless, or deploy other forms of malware which could potentially turn a camera into a gateway for infecting larger networks.

"DSLR cameras, are susceptible to attacks", said Eyal Itkin, Security Researcher, Check Point Software Technologies.

Digital cameras use Picture Transfer Protocol (PTP), a standard protocol to transfer digital files. Once the attackers were range of the camera, they ran an exploit to access the camera's SD card and encrypt any photos.

The researchers looked at the Canon EOS 80D because it has both USB and Wi-Fi connectivity, as well as an extensive modding community which provides open source software for the camera. As the protocol is standardized and embedded in other leading camera brands, researchers believe similar vulnerabilities can also be found in other leading vendors. However, Check Point warns that not just this camera but any internet-connected digital camera could be vulnerable to ransomware attacks.

Unless photography is your career, photos might not seem like the juiciest ransomware target, but in terms of sentimental value, they can be right up there as the researchers note. "Hackers could then hold peoples' precious photos and videos hostage until the user pays a ransom for them to be released".

Again, we should stress that this is not necessarily a Canon-specific issue, as it is the Picture Transfer Protocol itself (rather than the cameras) that exhibits the security flaw.

Hong Kong stocks open with losses; Shanghai gains 0.3%
Australian shares dipped about 0.1 per cent while the South Korean market clawed back from early losses to rise 0.12 per cent. USA crude was down 0.53 per cent to $54.21 a barrel and global benchmark Brent crude shed 0.51 per cent to $58.23 per barrel.

Check Point, which presented its findings at the DEF CON hacking conference in Las Vegas on Sunday, informed Canon prior to the presentation and worked together to patch the vulnerabilities in an update released last week.

The full research report into the vulnerabilities is available from Check Point.

What Check Point ended up with is a malicious firmware update, which thanks to a PTP command allowing for remote firmware updates without need of user interaction, makes infecting a camera through a patch relatively easy to achieve.

"At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm", Canon said in the update published on August 6.

"Since modern cameras no longer use film to capture and reproduce images, the International Imaging Industry Association devised a standardised protocol known as Picture Transfer Protocol (PTP) to transfer digital images from camera to PC".

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.