Vulnerability in Canon DSLR made it vulnerable to ransomware attacks
Canon has since released a patch and advised users to update their firmware.
Cybersecurity researchers from Check Point set their sights on modern digital single-lens reflex (DSLR) cameras in their latest piece of research.
In digital photography, there’s a standardised protocol to transfer digital images from a camera to a computer, which is called the Picture Transfer Protocol (PTP).
Check Point said: “Initially focused on image transfer, PTP now contains dozens of different commands that support anything from taking a live picture to upgrading the camera’s firmware.”
While it’s still possible to transfer photographs from a DSLR camera to PC via USB cable, most new cameras support WiFi, meaning that every WiFi-enabled device in close proximity can access the PTP.
While vulnerabilities relating to this feature have been pointed out in the past, Check Point wanted to see if it was possible to find implementation vulnerabilities in the protocol that would allow researchers to take over a camera and infect it with ransomware (although, the cybersecurity company noted that there are many other ways an attacker could take advantage of that type of vulnerability).
They tested this out on Canon’s EOS 80D, because Canon is the largest DSLR maker and controls 50pc of the market. On top of this, Check Point said “Canon has an extensive modding community, called Magic Lantern”, which is an “open-source software add-on that adds new features to the Canon EOS Cameras”.
The cybersecurity company detailed how a hacker can hijack the camera while in close proximity, and uploaded a video demonstration of the attack, which would allow an attacker to hold your photographs to ransom until a fee was paid to have them returned.
Eyal Itkin, who published the study with Check Point, concluded: “Our research shows that any ‘smart’ device, in our case a DSLR camera, is susceptible to attacks. The combination of price, sensitive contents and wide-spread consumer audience makes cameras a lucrative target for attackers.”
Itkin’s team disclosed the vulnerability to Canon on 31 March 2019, and by 6 August, Canon published a patch as part of an official security advisory. Check Point verified and approved of Canon’s patch before it was released to the general public.
Itkin added, in a comment to The Verge, that “due to the complexity of the protocol, we do believe that other vendors might be vulnerable as well, however it depends on their respective implementation.” This means that users with Wi-Fi compatible DSLRs from other brands may also be at risk.
In order to avoid falling victim to this type of attack, both companies advised users to ensure that their cameras are using the latest firmware and install patches if/when they become available. It’s also recommended that camera owners leave the device’s Wi-Fi turned off when it is not in use.