Security researchers have discovered a fundamental flaw within a Canon DSLR camera which could give hackers the ability to install malware via the camera’s Picture Transfer Protocol software. The researchers began by searching for and “dumping” the firmware of a free open-source software called Magic Lantern, used by a modding community of Canon owners to add new features to the cameras. Once obtained, they were able to hunt out vulnerabilities in the cameras themselves; in particular, flaws that could be used by hackers to install malware via the camera’s Picture Transfer Protocol. The protocol is an attacker’s delight because it’s both unauthenticated and supports “dozens of different complex commands,” researcher Eyal Itkin of Check Point said in a blog post.
Commenting on the news are the following security professionals: