Even DSLR cameras are vulnerable to ransomware

Joanna Estrada
August 12, 2019

Why it matters: It seems that an increasing number of electronic gadgets are vulnerable to hackers these days, including some DSLR cameras. Once they had control, they were able to install "ransomware," encrypting all of the photos on the SD card and holding them hostage until and unless the victim pays a sum of money (usually in cryptocurrency) to receive the encryption key and unscramble their images.

Turn off the camera's WiFi when not in use.

Check Point Research, the threat intelligence arm of the company, discovered vulnerabilities in the internationally standardized protocol for the transfer of digital images from camera to PC, known as the Picture Transfer Protocol (PTP). This makes them more vulnerable to threats as attackers can inject ransomware into both the camera and PC it is connected to.

What Check Point ended up with is a malicious firmware update, which thanks to a PTP command allowing for remote firmware updates without need of user interaction, makes infecting a camera through a patch relatively easy to achieve. The firmware could enable ransomware to be deployed, because the two share the same cryptographic processes.

It's possible to execute the attack through physical access to the camera via USB, but also remotely via Wi-Fi if the camera's user could be tricked into connecting to a rogue wireless network.

While malware on a camera might not sound like an immediate issue for an enterprise, it's entirely possible that a compromised device could be used as a stepping stone for other attacks.

"At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm", Canon said in the update published on August 6.

Disable the camera's network functions when they are not being used.

PTP was initially only meant to transfer images, but can now be used for many things such as taking live photographs, upgrading camera firmware, among other things.

"Now that we are aware of this vulnerability, we will ensure it is corrected in future products that we develop", a Canon spokesperson told ZDNet.

The details of the vulnerability and how it was exploited are complicated, and you can read all about it on Check Point Research's website.

Other reports by Click Lancashire

Discuss This Article