There’s a brand new category of devices that could be vulnerable to a ransomware attack: DSLR Cameras.
What are most people afraid of losing? On the top 10 would be pictures and videos of precious memories.
There is a report released by Check Point Software Technologies, a security research firm. They were able to install malware remotely on a Canon EOS 80D DSLR camera, which in turn encrypted all photos stored on the camera’s SD card. According to researcher Eyal Itkin, hackers could easily transfer malware on the camera using the Picture Transfer Protocol (PTP), which is unauthenticated and can be used to insert malware either over the air (Wi-Fi) or using the USB port.
Picture Transfer Protocol (PTP) was initially designed to transfer content from digital cameras to computers and other peripheral devices without the need of additional device drivers. It was initially designed to transfer images, but can now be used for many things such as taking live photographs, upgrading camera firmware, among other things.
Newer camera models now have Wi-Fi functionality which lets you transfer image over Wi-Fi. A few years back, you have to connect the camera via USB or remove the SD card and use a card reader before you can transfer files.
Although Wi-Fi is very useful, it has its disadvantages. This can be exploited by hackers as shown by security researcher Eyal Itkin. SD-Card storage sizes are increasing in storage capacity. Imagine bringing your camera to a tourist destination and then suddenly, your camera’s Wi-Fi gets hacked and the contents of your SD-Card containing your photos and videos become encrypted all of a sudden. And these hackers would later on demand you pay them before you can get your priceless photos and videos. What a total nightmare.
Devices such as cameras are getting more and more computer components in them which would eventually make them hackable. Same thing as your computers, they need updates.
To prevent this from happening to you, it is recommended to upgrade the firmware and software patches if available. Canon has already released one. It is important to turn off Wi-Fi when not being used. When using your camera Wi-Fi feature, prefer using the camera as the Wi-Fi access point, rather than connecting your camera to a public Wi-Fi network.
Below is a video from CheckPoint where you can see the proof of concept in action:
