Security firm Check Point shows how ransomware can be installed on Canon cameras
Security researchers with Check Point Research have demonstrated that it is possible to incapacitate a DSLR camera using wirelessly transmitted ransomware, a type of malware that forces victims to pay in order to decrypt their data. Though the demonstration involved using Wi-Fi, the researchers say it is also possible to hijack a DSLR camera using USB.
Modern cameras feature an unauthenticated protocol called Picture Transfer Protocol (PTP) that comes in two varieties: PTP/USB for wired connections and PTP/IP for wireless connections. Whereas USB requires the hacker to compromise the camera owner's computer, Wi-Fi makes it possible to target the camera directly by simply being located near the device.
The DSLR malware demonstration involved a Canon EOS 80D camera, with the researchers explaining that they chose this model due to Canon's popularity combined with the 80D's support for USB, Wi-Fi and open-source software called Magic Lantern.
The researchers detailed the technical aspects of developing this malware in a blog post, ultimately explaining:
‘The ransomware uses the same cryptographic functions as the firmware update process, and calls the same AES functions in the firmware. After encrypting all of the files on the SD Card, the ransomware displays the ransom message to the user.’
It's possible for hackers to set up a rogue Wi-Fi access point that causes these Wi-Fi-enabled cameras to automatically connect to the network, after which point the ransomware can be deployed. In a real-world scenario, this malware would demand payment from the victim -- usually a few hundred dollars -- in order to decrypt the images on the camera.
According to Check Point Research, Canon was contacted about these vulnerabilities in March and worked with the company to patch the security issues. Canon released the first security patch on August 6 alongside an advisory, shared below, detailing the PTP vulnerability and the cameras affected by by it.
Regarding the security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions
August 6, 2019 — Thank you very much for using Canon products.
An international team of security researchers has drawn our attention to a vulnerability related to communications via the Picture Transfer Protocol (PTP), which is used by Canon digital cameras, as well as a vulnerability related to firmware updates. (CVE-ID: CVE-2019-5994, CVE-2019-5995, CVE-2019-5998, CVE-2019-5999, CVE-2019-6000, CVE-2019-6001）
Due to these vulnerabilities, the potential exists for third-party attack on the camera if the camera is connected to a PC or mobile device that has been hijacked through an unsecured network.
At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm, but in order to ensure that our customers can use our products securely, we would like to inform you of the following workarounds for this issue.
- Ensure the suitability of security-related settings of the devices connected to the camera, such as the PC, mobile device, and router being used.
- Do not connect the camera to a PC or mobile device that is being used in an unsecure network, such as in a free Wi-Fi environment.
- Do not connect the camera to a PC or mobile device that is potentially exposed to virus infections.
- Disable the camera’s network functions when they are not being used.
- Download the official firmware from Canon’s website when performing a camera firmware update.
Please check the Web site of the Canon sales company in your region for the latest information regarding firmware designed to address this issue.
|Diver's Watch-2757 by vbuhay|
|Cerulean Sukhoi by cjf2|
|Cheetah in the wild by cmgpereira|
|Kilchurn Castle, Scotland by johanmieke|
from Ancient Castles, Forts, and Defensive Structures - EXTERIOR
The Axibo slider can detect and keep focused on faces and most objects thanks to an integrated 6 + 1 AI core CPU
Fujifilm has announced that it is developing a 50mm F1.0 lens for its X-series, instead of the promised 33mm F1.0, as part of its X Summit event in Tokyo.
Fujifilm has revealed extensive detail about its forthcoming X-Pro3 model in a development announcement at its Fujifilm X Summit in Tokyo, Japan.
Ricoh has stated that it's developing a new flagship APS-C DSLR that it'll preview later this month and expects to bring to market in 2020.
Apple says the iPhone XR isn't going anywhere – even now that the iPhone 11 is on sale. The two devices are priced $100 apart – so what does that extra cash get you?
Something about these seems a little familiar, but we can't quite put our finger on it.
ON1 Photo RAW 2020 is now available as a public beta, bringing with it new and improved features across the board, including more AI-powered tools, improved performance and multiple integrations for a more streamlined workflow.
Huawei has announced the details of its new flagship smartphone, the Mate 30 Pro.
Sebastiaan de With, co-founder of the iOS camera app Halide, has used his app's technical readout feature to obtain very detailed camera specifications for the iPhone 11 Pro.
Our guide to the best cameras over $2000 has been updated to include overviews of some of the latest contenders.
Apple joked about the new 120 fps recording mode on its latest smartphone with 'slofies,' a made-up word that combines slo-mo and selfies, but it turns out it might've not been quite as tongue-in-cheek as we initially thought.
The C1 and C1 Plus aspire to bring studio-style lights to the world of smartphone photography for $299 and 499, respectively.
In a press release on its website, Photokina has confirmed that Leica, Nikon and Olympus have canceled their reservations for Photokina 2020.
Readers were quick to point out that Robert Frank wasn't the only iconic artist the photography community lost recently. Peter Lindbergh, Charlie Cole and Fred Herzog have also passed away.
Back in the film days Canon had 'eye-controlled' focus that let you set an AF point just by looking at it, and a recent patent suggests Canon is still interested in this technology. Chris and Jordan consider what a modern eye-controlled AF system might mean to photographers.
CyberLink has revealed the latest updates to its suite of creative production apps, including PhotoDirector 11, PowerDirector 18 and more.
Aputure's impending LED light has 600W raw output in a size not much larger than your standard cinema light.
Apple's iPhone 11 camera updates will inevitably be seen as attempts to catch up to Android. But, taken together, we think they stack up to meaningful upgrades that might make an already very capable camera one of the most compelling options on the market.
Monogram, a company formerly known as Palette Gear, has a new crowdfunded campaign up for its next-generation modular control panel, the Creative Console.
Rumors have been heating up regarding Canon's potential IBIS system and this new patent application gives us the best look yet at what Canon is up to.
The new filters use artificial intelligence to automatize and simplify a range of portrait retouching tasks.
The Laowa 100mm F2.8 2X Ultra Macro APO is unusual among macro optics for offering a maximum reproduction ratio of 2:1. Check out our gallery to see how it performs.
A group of friends traversed around California in an attempt to recreate the stock wallpapers Apple has included with macOS.
With iOS 13 the iPhones XS and XR as well as the latest iPad Pro models will be capable of simultaneously recording video streams from multiple cameras.
The paid firmware update doubles the range for remote cameras/flash units and brings a number of additional features.
The two ‘MicroPrime’ lenses add additional options to SLR Magic's current MFT cine lens lineup, which includes the 12mm T2.8 and 18mm T2.8.
It's not every day that we get to shoot with a system like the medium-format IQ4. We took it into the studio for some portraiture as well as a more casual spin around the block because, well, why not?
Our friends over at Cinema5D have gone hands-on with Sony's new full-frame cinema camera, the FX9, and shared their thoughts on what the camera has to offer.
The Google Pixel 4 will likely launch with an astrophotography feature, HDR in the preview image and a range of other new imaging functions.