Ransomware Can Now Be Remotely Installed On DSLR Cameras

Sheri Evans
August 14, 2019

Security researchers have discovered that DSLR cameras, which are connected to a Wi-Fi network, are vulnerable to ransomware attacks. The pair have been working together on a fix, with Canon issuing a warning to camera owners last week not to use unsecured WiFi networks.

Security firm Check Point Research chose to explore how straightforward it might be for someone with nefarious intent to compromise a camera, and discovered that it wasn't as hard as you might hope. "Such a Remote Code Execution (RCE) scenario will allow attackers to do whatever they want with the camera, and infecting it with Ransomware is only one of many options", the statement added.

Besides, an attacker can hijack your PC and propagate malware to the camera encrypting your photos with a key which you will have to pay a ransom in exchange for the decryption key.

That much was made clear at the annual DEF CON hacking conference in Las Vegas, where a security researcher demonstrated just how easy it is to remotely encrypt a digital camera with ransomware.

Since modern cameras no longer use film to capture and reproduce images, the International Imaging Industry Association devised a standardised protocol known as Picture Transfer Protocol (PTP) to transfer digital images from camera to PC.

5 killed in Russian missile test explosion
The radioactivity levels involved are "absolutely not comparable with those during serious accidents at reactors", he added. However, the radiation level started decreasing by 12:30 pm and returned to normal levels at around 2 pm, Rosatom said.

Congress faced split if a non-Gandhi took over
Analysts expect a clamor among party loyalists to appoint her daughter Priyanka Gandhi Vadra as her brother's successor. "Hence, the party leaders and cadres are confident that she would help the party come out of the crisis", he said.

Perseid Meteor Shower 2019 Peak Tonight: When And Where To Watch
However, it will face bright interference this year from the moon , which is close to being completely full, NASA said . Perseids are named after the son of Perseus from the Greek mythology as they hail from the constellation of Perseus.

Check Point points out that DSLR cameras are a clever attack target because photos often contain personal and sentimental value for the owner. For this research, the company used the Canon EOS 80D which offers both Wi-Fi and USB connectivity.

Check Point Research aimed to access the cameras and exploit vulnerabilities in the protocol to infect the camera.

Canon said while there have been no confirmed cases of the vulnerabilities being exploited to cause harm, it advised customers on how to use digital cameras securely. Check Point is quoted as saying they "believe that similar vulnerabilities can be found in the PTP implementations of other vendors as well".

Itkin's team disclosed the vulnerability to Canon on 31 March 2019, and by 6 August, Canon published a patch as part of an official security advisory. "Hackers could then hold peoples' precious photos and videos hostage until the user pays a ransom for them to be released". Following this, they accessed the PTP layer that had various PTP handlers (around 148), making the functionality highly vulnerable to malicious attacks.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER