Your DSLR could be vulnerable to malware and ransomware
Check Point used Canon’s EOS 80D DSLR camera to demonstrate critical security vulnerabilities.
It is not just your phone or computer that are vulnerable to hacking. Security researchers have now warned that even DSLR cameras are not immune to ransomware and malware attacks. Through the USB and connections to Wi-Fi networks, threat actors can take control of data on modern cameras, found the researchers from cybersecurity firm Check Point Software Technologies.
"Any 'smart' device, including the DSLR camera, is susceptible to attacks," said Eyal Itkin, Security Researcher, Check Point Software Technologies.
"Cameras are no longer just connected to the USB, but to the WiFi network and its surrounding environment. This makes them more vulnerable to threats as attackers can inject ransomware into both the camera and PC it is connected to," Itkin added.
Once the camera is attacked, the photos could end up being held hostage until the user pays the ransom for them to be released.
Since modern cameras no longer use film to capture and reproduce images, the International Imaging Industry Association devised a standardised protocol known as Picture Transfer Protocol (PTP) to transfer digital images from camera to PC.
Initially focused on image transfer, this protocol has evolved to include dozens of different commands that support anything from taking a live picture to upgrading the camera's firmware.
Check Point Research, the threat intelligence arm of Check Point Software Technologies, aimed to access the cameras and exploit vulnerabilities in the protocol to infect the camera.
For the research, Check Point used Canon's EOS 80D DSLR camera which supports both USB and Wi-Fi, and critical vulnerabilities in the Picture Transfer Protocol were found.
Check Point Research informed Canon about the vulnerabilities and the companies worked together to patch them. Canon published the patch as part of an official security advisory.
Given that the protocol is standardised and embedded in other camera brands, the researchers believe similar vulnerabilities can be found in cameras from other vendors as well.
To avoid attacks, camera owners should make sure your camera is using the latest firmware version, and install a patch if available, Check Point recommended.
They should also turn off the camera's Wi-Fi when not in use.