Critical Flaw Within Canon DSLR Camera Can Lead To Ransomware Attack

Security researchers have discovered a fundamental flaw within a Canon DSLR camera which could give hackers the ability to install malware via the camera’s Picture Transfer Protocol software. The researchers began by searching for and “dumping” the firmware of a free open-source software called Magic Lantern, used by a modding community of Canon owners to add new features to the cameras. Once obtained, they were able to hunt out vulnerabilities in the cameras themselves; in particular, flaws that could be used by hackers to install malware via the camera’s Picture Transfer Protocol. The protocol is an attacker’s delight because it’s both unauthenticated and supports “dozens of different complex commands,” researcher Eyal Itkin of Check Point said in a blog post.

Commenting on the news are the following security professionals:

Casey Ellis, CTO and Founder,  Bugcrowd
August 13, 2019
The important illustration is the role of the ethical hacking community in highlighting these flaws.
I’ve been waiting to see what target the ransomware threat/business model would go after next, and I’d say the personal and irreplaceable photos are a pretty logical next target. CheckPoint did a good job of pre-empting this with the research they presented. The proof-of-concept ransomware attack on DSLR cameras is clever. It’s also difficult to exploit at scale in the wild, which is a cor ....
[Read More >>]
Tim Mackey, Principal Security Strategist,  Synopsys CyRC
August 12, 2019
Once the upload is completed, WiFi should be disabled to ensure malicious actions can’ be performed on the camera.
Protocols are funny things. When created, they often assume a specific physical interface or connection. When a protocol becomes popular, the semantics, assumptions and interfaces can become standards – process which happened with PTP. As technologies evolve, it’s not the least bit uncommon for protocols to follow suit, often with implementation reviews which lack awareness of the full semanti ....
[Read More >>]
Javvad Malik, Security Awareness Advocate,  KnowBe4
August 12, 2019
The impact to a professional photographer, like a journalist, or wedding photographer would be significant.
This is an interesting vulnerability. It does, however, require the victim to be connected to a rogue wifi hotspot which limits the attacker to being in close physical proximity to the intended victim. Turning off network features in the camera will prevent the attacker from being successful, as will downloading the Canon patch for the camera. However, it's a good exercise for people to underst ....
[Read More >>]
Martin Jartelius, CSO ,  Outpost24
August 12, 2019
A piece of simple and sound advice is not to connect “smart” devices to unknown networks.
The attack is novel, but historically attacks that require a physical distribution such as an attacker-controlled WIFI access-point are far less exploited in practice than attacks that can rely on purely digital distribution. The important thing to remember – if it can be connected to a WIFI, that is a strong indication it has a computer, and if it has a computer, there is a good chance it can b ....
[Read More >>]
Paul Edon, Senior Director (EMEA) ,  Tripwire
August 12, 2019
Connected devices shouldn’t be deployed directly on the Internet without adequate security reviewed.
Preventing attacks against connected devices like DSLR cameras requires effort from both industry and users. Vendors of such devices need to adhere to best practices for built-in security measures, including patching known vulnerabilities. These systems can’t be deployed without consideration for future security updates, ideally automated updates. Consumers need to be aware of the security risks ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments

In this article