A security researcher from Check Point Software Technologies has demonstrated a technique that makes it possible to install ransomware on a Canon DSLR. The demonstration can be seen in a video.
The security researcher, Eyal Itkin, specifically infects a Canon EOS 80D.
In the digital camera there appears to be a vulnerability in the picture transfer protocol (PTP), writes Silicon Angle. PTP is a protocol used to transfer images from a digital camera to computers. The protocol supports both USB cables and wifi connections for this purpose.
PTP is an unverified protocol that can support multiple data streams. That includes rogue commandos. In the video Itkin shows how he can infect the camera in less than 60 seconds.
Itkin does this by turning on the camera, taking pictures and using a laptop to connect to the wifi access point on the device. It then uploads ransomware via the connection to the camera. The photos are encrypted and a ransomware message appears.
Our research shows how an attacker who is nearby or an attacker who has already taken over our PC can also infect our beloved cameras with malware, according to Itkin.
Imagine how you would react if attackers infected both your computer and the camera with ransomware, holding all your photos hostage until you pay a ransom.
Check Point Software Technologies informed Canon of the problem before the video was made. This was on March 31st. Canon has now published a security advisory, as well as a patch.
However, the patch must be installed by updating the software on the camera. Not all users do this.
Although the vulnerability was demonstrated on a Canon EOS 80D, it is also present on other cameras of the company. Moreover, the error is not exclusive to Canon, but also occurs on cameras from other manufacturers.This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.