Canon DSLR Cameras which are renowned among professional photographers are said to be vulnerable to ransomware attacks over the air. Every other day more and more devices grow dependent on the internet connectivity to function and the threat of cyberattacks grow with it.
Digital cameras with built-in Wi-Fi let people quickly send images to other devices like laptops, but a vulnerability in the process could leave people’s cameras exposed.
Eyal Itkin at Israel-based firm Check Point found that the way cameras transfer information, the Picture Transfer Protocol (PTP), could be exploited.
Check Point Software Technologies released a report and video detailing how ransomware could be remotely installed onto a DSLR camera.
In the report, researcher Eyal Itkin found that a hacker can easily plant malware on a digital camera. He says that the standardized Picture Transfer Protocol is an ideal method for delivering malware because it’s unauthenticated and can be used with both Wi-Fi and USB.
The report notes that individuals with an infected Wi-Fi access point could extend it at a tourist destination to pull off an attack or infect a user’s PC.
Additionaly, in the video, Itkin shows off how he was able to exploit a Canon E0S 80D over Wi-Fi and encrypt the images on the SD card so that the user wouldn’t be able to access them.
He also reports that cameras could be a particularly juicy target for hackers. Why? They’re full of personal images that most people likely won’t want to walk away from.
A hacker, in a genuine ransomware attack, will typically demand a small amount of money in exchange for the key that will decrypt the files. This is usually a small amount that people would rather just pay to get rid of the inconvenience.
Check Point has known about this vulnerability for a couple of months now. After sharing about it with Canon back in March, the pair have been working together on a fix, with Canon issuing a warning to camera owners last week not to use unsecured WiFi networks.
The Japanese firm also advises owners to update and install the latest security patch.
Unfortunately Check Point did not reveal whether other manufacturers are also vulnerable, but in any case, all are adviced not to connect to unsecured WiFi networks regardless of what device you may be using.
