Canon DSLR hacked with crypto-demanding ransomware – but for research

A picture is worth a thousand words, goes the old adage. And indeed, we attach a lot of value to our photographs as they remind us of moments we hold dear. But as was discovered by security researchers at Check Point Software Technologies, camera devices are also prone to ransomware attacks. The researchers were able to exploit the camera’s Wi-Fi connection to encrypt all the photos and then display a message demanding for ransom.

Camera devices have evolved and can now transfer photos using USB and Wi-Fi. This was the vulnerability that the Israeli cybersecurity firm sought to exploit. Led by Eyal Itkin, the team was able to remotely install the malware on Canon EOS 80D camera.

Digital cameras use the standardized Picture Transfer Protocol to transfer images. This protocol is much faster than traditional methods, but it’s also vulnerable to malware, Itkin revealed on a blog post. Being unauthenticated and usable with both Wi-Fi and USB, it provides an ideal method for delivering malware.

The security researchers were able to encrypt the images on the camera. They were also able to display a ransom message on the camera’s screen.

While cameras contain less crucial information compared to other targets such as mobile phones and computers, they are still a viable target. The researchers noted, “We take them to every important life event, we bring them on our vacations, and we store them in a protective case to keep them safe during transit. Cameras are more than just a tool or toy; we entrust them with our very memories, and so they are very important to us.”

Check Point revealed that it disclosed the vulnerability with Canon in March and together, the two companies developed a security patch in May. Last week, Canon issued a security advisory requesting its users to avoid using unsecured Wi-Fi networks and to install a new security patch onto the camera to thwart such an attack.

And while this should be enough to protect the Canon users, the researchers believe that other vendors are still vulnerable to the attack.

The vulnerability hasn’t been exploited yet, but with the cases of ransomware being rampant, Canon owners are best advised to install the security patch.