The details of the vulnerability and how it was exploited are complicated, and you can read all about it on Check Point Research's website. A hacker can remotely encrypt your SD Card and you won't be able to access the photos unless you pay the hacker. The surprised owner would then see a message that his pictures are no longer available unless he's willing to pay a ransom.
Itkin and his team chose to use a Canon camera for the simulation in part because Canon is the largest DSLR maker, controlling more than 50 percent of the market. "Such an infection could, for example, be used for installing a Ransomware on the camera, and demanding ransom for both the images and the camera itself". "Such a Remote Code Execution (RCE) scenario will allow attackers to do whatever they want with the camera, and infecting it with Ransomware is only one of many options", the statement added.
It seems not a single device is immune from hackers these days, including the DSLR camera, which generally has no internet connection. "Any "smart" device, including the DSLR camera, is susceptible to attacks," said Eyal Itkin, Security Researcher, Check Point Software Technologies. Even though Checkpoint focused on Canon hardware for the experiment, he later told The Verge, "due to the complexity of the protocol, we do believe that other vendors might be vulnerable as well, however it depends on their respective implementation". This information was shared with Canon before they made the video public giving them the time to get an updated firmware release out along with the official Service Advisory. A switch to wireless communication simply crashed the camera initially but later, he found a way to deliver the same malicious ransomware update without any cable or EOS Utility app. Users are also discouraged from connecting the camera to a PC or mobile device that is potentially infected with a virus. "Cameras are no longer just connected via USB, but to WiFi networks and their surrounding environment".
While malware on a camera might not sound like an immediate issue for an enterprise, it's entirely possible that a compromised device could be used as a stepping stone for other attacks. While there aren't any known examples of the attack being used in the wild, Canon has advised users to apply the update.
- Amit Shah carries out aerial survey in Karnataka, Maharashtra
- Man dramatically arrested following stabbing spree in Sydney's CBD
- Bianca Andreescu, 19, wins Rogers Cup after Serena Williams retires
- Samsung claims industry's first 108Mp image sensor for smartphones
- US delays tariffs on some Chinese goods, drops others
- United States billionaire Jeffrey Epstein kills self in jail
- Frank Lampard reveals conversations with David Luiz
- Volatility in China's yuan due to escalating US trade friction - PBOC official
- Best times to watch the 2019 Perseid meteor shower
- Perseid meteor shower set to peak: What you need to know