Security firm Check Point shows how ransomware can be installed on Canon cameras
Security researchers with Check Point Research have demonstrated that it is possible to incapacitate a DSLR camera using wirelessly transmitted ransomware, a type of malware that forces victims to pay in order to decrypt their data. Though the demonstration involved using Wi-Fi, the researchers say it is also possible to hijack a DSLR camera using USB.
Modern cameras feature an unauthenticated protocol called Picture Transfer Protocol (PTP) that comes in two varieties: PTP/USB for wired connections and PTP/IP for wireless connections. Whereas USB requires the hacker to compromise the camera owner's computer, Wi-Fi makes it possible to target the camera directly by simply being located near the device.
The DSLR malware demonstration involved a Canon EOS 80D camera, with the researchers explaining that they chose this model due to Canon's popularity combined with the 80D's support for USB, Wi-Fi and open-source software called Magic Lantern.
The researchers detailed the technical aspects of developing this malware in a blog post, ultimately explaining:
‘The ransomware uses the same cryptographic functions as the firmware update process, and calls the same AES functions in the firmware. After encrypting all of the files on the SD Card, the ransomware displays the ransom message to the user.’
It's possible for hackers to set up a rogue Wi-Fi access point that causes these Wi-Fi-enabled cameras to automatically connect to the network, after which point the ransomware can be deployed. In a real-world scenario, this malware would demand payment from the victim -- usually a few hundred dollars -- in order to decrypt the images on the camera.
According to Check Point Research, Canon was contacted about these vulnerabilities in March and worked with the company to patch the security issues. Canon released the first security patch on August 6 alongside an advisory, shared below, detailing the PTP vulnerability and the cameras affected by by it.
Regarding the security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions
August 6, 2019 — Thank you very much for using Canon products.
An international team of security researchers has drawn our attention to a vulnerability related to communications via the Picture Transfer Protocol (PTP), which is used by Canon digital cameras, as well as a vulnerability related to firmware updates. (CVE-ID: CVE-2019-5994, CVE-2019-5995, CVE-2019-5998, CVE-2019-5999, CVE-2019-6000, CVE-2019-6001）
Due to these vulnerabilities, the potential exists for third-party attack on the camera if the camera is connected to a PC or mobile device that has been hijacked through an unsecured network.
At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm, but in order to ensure that our customers can use our products securely, we would like to inform you of the following workarounds for this issue.
- Ensure the suitability of security-related settings of the devices connected to the camera, such as the PC, mobile device, and router being used.
- Do not connect the camera to a PC or mobile device that is being used in an unsecure network, such as in a free Wi-Fi environment.
- Do not connect the camera to a PC or mobile device that is potentially exposed to virus infections.
- Disable the camera’s network functions when they are not being used.
- Download the official firmware from Canon’s website when performing a camera firmware update.
Please check the Web site of the Canon sales company in your region for the latest information regarding firmware designed to address this issue.
|Ill do anything for a nut by mountinmad|
from -Animals- (in Full Colours Only)
|Spiral Staircase by sgitlin|
from red challenge
|Panavia Tornado by jarud|
from Air Power
|Older than the Hills by knight427|
from Anything, Anytime, Anywhere
Walmart accidentally offered up bargain-basement rates for DJI drones and other camera gear from a company called Ecom Electronics that retails through its website.
Sony's RX100 VII has landed, but after seven(!) iterations you may be asking, "Is there anything left to add to this camera?" It turns out the answer is a resounding 'yes'. Watch Chris and Jordan's video review to learn what's new and why it matters.
Recently, the FAA granted recreational drone pilots access to LAANC. Now, they want to administer a test and are seeking the public's input.
Arcane Photos is an alternative to Google Photos and other cloud-based options for uploading and storing images that's blockchain-based and decentralized with an emphasis on privacy.
Matt, of the YouTube channel DIY Perks, has shared a video showing how old TVs and monitors can be upcycled into natural-looking light that resembles light coming through a window.
Now that we've completed our full review of Panasonic's high-megapixel full-frame flagship, the S1R, let's take a closer look at what it's like to use for everything from landscapes to sports.
The new Canon RF and Nikon Z mount options add to the Sony E, Fuji X, MFT, Canon EF and Nikon F mount versions currently available.
Z Cam has opened pre-orders for its new, 6K E2-F6 and 8K E2-F8 full-frame cinema cameras, which were first introduced during NAB 2019.
Leica has announced its APO-Summicron-SL 50mm F2 lens, which is designed for the L-mount system. The lens is the smaller, lighter and (slightly) cheaper little brother to the 50mm F1.4 and is now available for $4495.
The battery works with a7 III, a7R III and a9 camera systems and connects with your smartphone or tablet to help you keep tabs on the health of the battery. Oh, and you'll need to update the firmware of your camera battery.
Photo Rumors is reporting that the next-generation GoPro camera will feature a 12MP sensor capable of shooting 4K video at 120 fps and have the option for add-on screen, LED lighting and microphone accessories thanks to redesigned housing.
The Tamron 35-150mm F2.8-4 is being marketed as a dedicated portrait lens, offering focal lengths appropriate for both traditional long lens portraiture as well as wider-angle environmental portraits and lifestyle shots. Take a look at how it performs.
Luminar 4 photo editing software is slated to be released this Fall from Skylum. They recently offered up a more detailed sneak peek at the AI Sky Replacement filter that will be included in the update.
The replica is identical to the lunar version, down to the serial number plates, various labels and more.
Nearly four months after first announcing the CoolPix W150, Nikon has announced the pricing and availability of the camera in the United States.
In this video, award-winning photographer Max Lowe goes to Hawaii to meet adventurer and educator Austin Kino. To capture the experience, we gave Max a Panasonic Lumix DC-S1R, and the entire video was shot with the Lumix DC-S1.
A 23-second video shared online shows off what appears to be the rumored DJI ‘Mavic Mini’ drone previously seen in still images.
The GF 50mm F3.5 is the closest you'll find to a pancake lens for Fujifilm's GFX medium format system. This 40mm equiv. is dust and weather-sealed, lightweight and most importantly, very sharp.
Not all food photography hacks are what they seem. Commercial food photographer Scott Choucino breaks down a number of tips that aren't what viral online videos might've led you to believe.
Adobe's latest update speeds up editing on computers with more powerful GPUs and adds a number of other features to streamline your post-production workflow.
Instagram has banned one of its advertising partners, HYP3R, after it was allegedly caught scraping a huge amount of data on users.
The third-generation smartphone gimbal brings new features and folds up into a smaller package than ever before.
The Panasonic Lumix DC-G95 (G90 outside North America) is a 20MP mid-range mirrorless camera aimed at both stills and video shooters, but it faces some pretty stiff competition. Find out how it performs in our in-depth review.
First teased last week, Samsung has made its massive 108MP smartphone camera sensor official.
Security firm Check Point has detailed how it managed to hack into a Canon 80D DSLR to install a ransomware that encrypts images on the SD card to prevent them from being viewed.
DJI is expected to announce a new drone tomorrow and it seems little has been hidden according to the latest leaked images and specifications.
The lens is an affordable portrait-oriented lens with a 13-blade aperture diaphragm.
The Nikon Z 35mm F1.8 S is one of a trio of optics unveiled right at the start of the Z system – and with a classic focal length and usefully wide aperture, its appeal should be broad. But is it any good?
Though it lacks some of the bells and whistles offered by the G5 X II, the Canon PowerShot G7 X Mark III adds a newer 1" sensor design and some useful upgrades to an already impressive compact. Take a look at some of our first shots and keep an eye out for our full analysis soon.
Photographer Irene Rudnyk shows how she captured portraits in her backyard using little more than a garden shed and natural light.