DSLR: Knock, Knock! It’s a Ransomware
By Prempal Singh
A camera is an important tool used by us to capture each and every important experience and moment of your life, we entrust them with our precious memories, so they are really important to us. But it’s time to beware before saying cheese because the camera can also be vulnerable to ransomware and malware attacks.
Today’s cameras are digital devices that can connect to our computer using USB and in the new models, there is also WiFi support. USB and WiFi are basically used to import pictures from the camera to our mobile phone and PC, but due to these features, they are also exposed to its surrounding environment. This makes them more vulnerable and the attackers can easily inject ransomware into both the cameras and PC which is connected to it.
Once the camera is attacked by the attackers, the photos could end up being held hostage until the user pays the ransom for them to be released.
Modern cameras are no longer using the films to capture and reproduce images, the International Imaging Industry Association created a standardized protocol known as Pictures Transfer Protocol (PTP) to transfer digital images from the camera to the PC.
This protocol was only created to transfer images, but now this protocol is used for many things such as taking live photographs, upgrading camera firmware and many other things.
Check Point Research, the threat intelligence arm of Check Point Software Technologies, aimed to gain access to cameras and exploit vulnerabilities in the protocol to infect the camera. For research, Researchers used Canon’s EOS 80D DSLR camera which supports both USB and WiFi, and they found the critical vulnerabilities in the Picture Transfer Protocol.
Check Point Research informed Canon about the vulnerabilities and the companies worked together to patch them. Canon published this patch as a part of an official security advisory.
This protocol is standardized and is also embedded in other camera brands, so the researchers believe that similar vulnerabilities can be found in cameras from other vendors.
So, to avoid your camera from being a victim, the camera owner should make sure that your camera is using the latest firmware version, and install the patch if available.
Today’s cameras are digital devices that can connect to our computer using USB and in the new models, there is also WiFi support.So, to avoid your camera from being a victim, the camera owner should make sure that your camera is using the latest firmware version, and install the patch if available.
You can also turn off the camera’s WiFi when this feature is not in use.