DSLR cameras could be at risk from ransomware

Wednesday, 14 Aug, 2019

The details of the vulnerability and how it was exploited are complicated, and you can read all about it on Check Point Research's website. A hacker can remotely encrypt your SD Card and you won't be able to access the photos unless you pay the hacker. The surprised owner would then see a message that his pictures are no longer available unless he's willing to pay a ransom.

The researchers presented how an attacker can inject the malware and encrypt photos in the camera's memory using the cryptographic process.

Itkin and his team chose to use a Canon camera for the simulation in part because Canon is the largest DSLR maker, controlling more than 50 percent of the market. "Such an infection could, for example, be used for installing a Ransomware on the camera, and demanding ransom for both the images and the camera itself". "Such a Remote Code Execution (RCE) scenario will allow attackers to do whatever they want with the camera, and infecting it with Ransomware is only one of many options", the statement added.

It seems not a single device is immune from hackers these days, including the DSLR camera, which generally has no internet connection. "Any "smart" device, including the DSLR camera, is susceptible to attacks," said Eyal Itkin, Security Researcher, Check Point Software Technologies. Even though Checkpoint focused on Canon hardware for the experiment, he later told The Verge, "due to the complexity of the protocol, we do believe that other vendors might be vulnerable as well, however it depends on their respective implementation". This information was shared with Canon before they made the video public giving them the time to get an updated firmware release out along with the official Service Advisory. A switch to wireless communication simply crashed the camera initially but later, he found a way to deliver the same malicious ransomware update without any cable or EOS Utility app. Users are also discouraged from connecting the camera to a PC or mobile device that is potentially infected with a virus. "Cameras are no longer just connected via USB, but to WiFi networks and their surrounding environment".

While malware on a camera might not sound like an immediate issue for an enterprise, it's entirely possible that a compromised device could be used as a stepping stone for other attacks. While there aren't any known examples of the attack being used in the wild, Canon has advised users to apply the update.