Not even your digital camera is safe from the threat of malicious computer bugs, according to security researchers.
In a report released earlier this week by analysts at Check Point Software Technologies, researchers detail how they were able to remotely install ransomware on a DSLR by exploiting the standardized Picture Transfer Protocol.
The protocol, developed to allow the transfer of pictures from a camera to one’s computer via WiFi is a particularly easy target according to researchers.
A DSLR exploit allows hackers to infect cameras with ransomware say security researchers. Stock image
The program is unauthenticated — meaning its not protected by password or other security measures — and also able to be exploited through WiFi or USB.
‘Today’s cameras are embedded digital devices that connect to our computers using USB, and the newest models even support WiFi,’ say the researchers.
‘While USB and WiFi are used to import our pictures from the camera to our mobile phone or PC, they also expose our camera to its surrounding environment.’
By leveraging PTP, researchers showed how they were able to gain access to the camera and install ransomware.
A bug designed by the analysts would encrypt images in the device at which point a theoretical hacker could demand a sum of money from a victim in exchange for returning those files.
By locking the devices pictures, hackers could theoretically demand money from the victim to give access back.
WHAT IS RANSOMWARE?
Cybercriminals use ‘blockers’ to stop their victim accessing their device.
This may include a mesage telling them this is due to ‘illegal content’ such as porn being identified on their device.
Anyone who has accessed porn online is probably less likely to take the matter up with law enforcement.
Hackers then ask for money to be paid, often in the form of Bitcoins or other untraceable cryptocurrencies, for the block to be removed.
In May 2017, a massive ransomware virus attack called WannaCry spread to the computer systems of hundreds of private companies and public organisations across the globe.
Researchers show how they were able to plaster this ransom message demanding Bitcoin, on the camera’s display.
‘How you would respond if attackers injected ransomware into both your computer the camera, causing them to hold all of your pictures hostage unless you pay ransom?,’ the researchers write.
In their demonstration, researchers used Canon’s EOS 80D DSLR, a company that they noted is the most popular purveyor of digital cameras, with more than 50 percent of the market share.
Flaws were disclosed to Canon in March and according to Check Point, the company issued a patch as well as a security advisory reminding people not to use unsecured WiFi networks.
Despite the apparent fix, Check Point says the flaw is likely affecting other models since the protocol is standardized.
‘Although the tested implementation contains many proprietary commands, the protocol is standardized, and is embedded in other cameras,’ write researchers.
‘Based on our results, we believe that similar vulnerabilities can be found in the PTP implementations of other vendors as well.’