Connectivity could make digital cameras vulnerable to ransomware
Modern digital cameras with wireless and USB capabilities could be vulnerable to ransomware and malware attacks, enabling attackers to hold precious photos and videos to ransom.
Check Point Research reveals that the standardized protocol known as Picture Transfer Protocol (PTP) used to transfer digital images from camera to PC has critical vulnerabilities.
Although initially focused on image transfer, the PTP has evolved to include dozens of different commands that support anything from taking a live picture to upgrading the camera's firmware. Check Point used Canon's EOS 80D DSLR camera which supports both USB and WiFi and found PTP vulnerable to attack. But because the protocol is standardized and embedded in other camera brands too, Check Point believes similar vulnerabilities can be found in cameras from other vendors.
"Any 'smart' device, including DSLR cameras, are susceptible to attacks," says Eyal Itkin, security researcher at Check Point Software Technologies. "Cameras are no longer just connected via USB, but to WiFi networks and their surrounding environment. This makes them more vulnerable to threats as attackers can inject ransomware into both the camera and PC it is connected to. Hackers could then hold peoples’ precious photos and videos hostage until the user pays a ransom for them to be released."
Camera owners are advised to make sure their camera is using the latest firmware version, and install any patches available. They should also turn off the camera's Wi-Fi when not in use, and when using Wi-Fi, choose to use the camera as the access point, rather than connecting it to a public Wi-Fi network.
Check Point Research has informed Canon about the vulnerabilities and the companies have worked together to patch them. Canon has published the patch as part of an official security advisory.
You can see a video demonstrating the vulnerability below.