Security firm Check Point shows how ransomware can be installed on Canon cameras
Security researchers with Check Point Research have demonstrated that it is possible to incapacitate a DSLR camera using wirelessly transmitted ransomware, a type of malware that forces victims to pay in order to decrypt their data. Though the demonstration involved using Wi-Fi, the researchers say it is also possible to hijack a DSLR camera using USB.
Modern cameras feature an unauthenticated protocol called Picture Transfer Protocol (PTP) that comes in two varieties: PTP/USB for wired connections and PTP/IP for wireless connections. Whereas USB requires the hacker to compromise the camera owner's computer, Wi-Fi makes it possible to target the camera directly by simply being located near the device.
The DSLR malware demonstration involved a Canon EOS 80D camera, with the researchers explaining that they chose this model due to Canon's popularity combined with the 80D's support for USB, Wi-Fi and open-source software called Magic Lantern.
The researchers detailed the technical aspects of developing this malware in a blog post, ultimately explaining:
‘The ransomware uses the same cryptographic functions as the firmware update process, and calls the same AES functions in the firmware. After encrypting all of the files on the SD Card, the ransomware displays the ransom message to the user.’
It's possible for hackers to set up a rogue Wi-Fi access point that causes these Wi-Fi-enabled cameras to automatically connect to the network, after which point the ransomware can be deployed. In a real-world scenario, this malware would demand payment from the victim -- usually a few hundred dollars -- in order to decrypt the images on the camera.
According to Check Point Research, Canon was contacted about these vulnerabilities in March and worked with the company to patch the security issues. Canon released the first security patch on August 6 alongside an advisory, shared below, detailing the PTP vulnerability and the cameras affected by by it.
Regarding the security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions
August 6, 2019 — Thank you very much for using Canon products.
An international team of security researchers has drawn our attention to a vulnerability related to communications via the Picture Transfer Protocol (PTP), which is used by Canon digital cameras, as well as a vulnerability related to firmware updates. (CVE-ID: CVE-2019-5994, CVE-2019-5995, CVE-2019-5998, CVE-2019-5999, CVE-2019-6000, CVE-2019-6001）
Due to these vulnerabilities, the potential exists for third-party attack on the camera if the camera is connected to a PC or mobile device that has been hijacked through an unsecured network.
At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm, but in order to ensure that our customers can use our products securely, we would like to inform you of the following workarounds for this issue.
- Ensure the suitability of security-related settings of the devices connected to the camera, such as the PC, mobile device, and router being used.
- Do not connect the camera to a PC or mobile device that is being used in an unsecure network, such as in a free Wi-Fi environment.
- Do not connect the camera to a PC or mobile device that is potentially exposed to virus infections.
- Disable the camera’s network functions when they are not being used.
- Download the official firmware from Canon’s website when performing a camera firmware update.
Please check the Web site of the Canon sales company in your region for the latest information regarding firmware designed to address this issue.
The system can simulate the camera's movement and the set lighting to perfectly match the background with the scene.
Optical Character Recognition (OCR) isn't new technology, but this does mark the beginning of an era where you can search for text found within your images hosted on Google Photos.
Photographer Aryeh Nirenberg used an astro-modified Sony a7S II to capture the 1,100 images that went into making this 55-second timelapse.
The Sony RX100 VII takes the place of its RX100 VA sibling as our top overall pick, while the Canon G5 X II replaces the Panasonic LX100 II as our alternate choice.
A recent screenshot from the German Nikon Professional Service website shows that only 1,000 of Nikon's 500mm F5.6 PF ED VR lens are being produced each month.
Viltrox has shared photos and specifications on its official Weibo account of three upcoming APS-C lenses for Fujifilm, Sony and Leica camera systems.
Weird lens aficionado Mathieu Stern quite literally got more than he bargained for when he paid just €2 for a rare projector lens that creates some of the most intense swirly bokeh we've ever seen.
The short video shows off the silhouettes of four new lenses — one large lens and three compact lenses — alongside two current Tamron Sony E mount lenses.
The Sony Cyber-shot DSC-RX100 VII is the most capable pocket camera currently on the market thanks to a combo of good image quality, smooth stabilized 4K and an industry-leading autofocus implementation. For these reasons it receives our gold award.
New top end calibration package aims to reduce waste when printing on difficult surfaces by making color measurement more accurate
Moment's new 37mm Cine filters are compatible with various models of iPhone, Pixel, OnePlus and Galaxy devices.
Instagram has dismissed another viral spam image that is circulating on its platform, this one claiming that, starting tomorrow, all user content will be made public (including deleted messages) and that the company will be able to use images against users in court.
The upcoming products are designed to create a ‘complete line of photo and video products’ designed for photographers of all levels.
Sony's FE 35mm F1.8 answers a lot of a7-series photographers' prayers. But was it worth the wait? Find out in our full review.
Nikon has finally made it possible to transfer Raw images from their Wi-Fi-capable cameras to smartphones and tablets running the new SnapBridge 2.6 application.
DroneDJ conducted a comprehensive search of DJI's official online store and noticed most models were out of stock.
The new app, which is limited to iOS, for the time being, makes it easy to deliver images to clients, who can easily sort through and download images on-the-go.
The adapter uses a six-element design to make the most of even the fastest Hasselblad V lenses on Fujifilm's GFX mount camera systems.
Huawei's upcoming high-end devices are likely to catch up with Apple and Samsung in terms of 4K video frame rates.
In this video we’ve traveled to southern Spain with the Olympus OM-D E-M1X. There, we headed for the town of Sevilla to meet up with action sports photographer Fernando Marmolejo.
Henry Diltz recounts how he became the official photographer of Woodstock and shares what it looked like through the viewfinder.
Canon Australia appears to have leaked two upcoming cameras in a pair of promotional videos - an ‘EOS M6 II’ and an ‘EOS 90D.’
The adapter sits inside the camera and compresses the lens image to fit the camera's Super 35mm sensor, and restoring the look of the original focal length of the lens
Sydney-based coder Greig Sheridan and his photographer partner Rocky have introduced Intervalometerator, an open-source intervalometer designed for deploying inexpensive remote time-lapse systems involving Canon DSLRs, Arduino and Raspberry Pi hardware.
The lens, set to ship later this year for a yet-to-be-determined price, is an update to Yongnuo's original 35mm F1.4 lens that adds an ultrasonic motor.
The One Action's ultra-wide camera lets you to record horizontal video while holding the phone vertically.
Prograde says its new program scans for ‘key attributes of your card’s use history to determine how much life is remaining before you reach design limits’ and can ‘clean up the way data is stored to your card to ensure it’s optimized for the highest performance.’
We've been busy shooting around Seattle with Sigma's new 45mm F2.8 full-frame lens and have topped off our initial sample gallery accordingly. Have a look.
We recently reviewed the Panasonic Lumix DC-G95 (also known as the G90, G91 and G99) and found it to be a good all-around camera. But is it best for the kind of shooting that you do? Click through to find out if the G95 is right for you.
The Canon RF 24-240mm F4-6.3 IS is a do-everything lens for the RF system, designed to cover pretty much any situation from sweeping landscapes to capturing distant details. Take a look at how it performs in our sample gallery.