Cameras are more than just a tool or toy; we entrust them with our memories, making them important. Photography as a trend is growing and has resulted in increased use of DSLR cameras. However, Check Point Research recently found multiple critical vulnerabilities in a leading brand of DSLR cameras—Canon. Research shows that the cameras are susceptible to attacks when connected with Wi-Fi or connected via USB to an infected computer.
Check Point Research, the threat intelligence arm of Check Point Software Technologies, a leading provider of cybersecurity solutions globally, revealed that through the USB and connections to Wi-Fi networks, today’s modern cameras are vulnerable to ransomware and malware attacks. Since modern cameras no longer use film to capture and reproduce images, the International Imaging Industry Association devised a standardised protocol known as Picture Transfer Protocol (PTP) to transfer digital images from camera to PC.
Initially focused on image transfer, this protocol has evolved to include dozens of different commands that support anything from taking a live picture to upgrading the camera’s firmware.
Check Point Research aimed to access the cameras and exploit vulnerabilities in the protocol to infect the camera. For the research, Check Point used Canon’s EOS 80D DSLR camera which supports both USB and Wi-Fi, and critical vulnerabilities in the PTP were found. Given that the protocol is standardided and embedded in other camera brands, Check Point believes similar vulnerabilities can be found in cameras from other vendors as well.
“Any smart device, including the DSLR camera, is susceptible to attacks,” says Eyal Itkin, security researcher, Check Point Software Technologies. “Cameras are no longer just connected to the USB, but to the Wi-Fi network and its surrounding environment. This makes them more vulnerable to threats as attackers can inject ransomware into both the camera and PC it is connected to. The photos could end up being held hostage until the user pays the ransom for them to be released.”
Here are some things camera owners can do to avoid being infected:
> Your camera should use latest firmware version. Install a patch if available.
> Turn off the camera’s Wi-Fi when not in use.
> When using Wi-Fi, use the camera as the Wi-Fi access point, rather than connecting camera to a public Wi-Fi network.
Check Point Research has informed Canon about the vulnerabilities and the companies worked together to patch them. Canon published the patch as part of an official security advisory in English and Japanese.