Vulnerability in Canon DSLR left it open to ransomware attacks

12 Aug 2019

Image: © Tobias Arhelger/Stock.adobe.com

Security researchers said that Canon cameras were vulnerable to cyberattacks, while DSLR devices from other brands may also be at risk.

Cybersecurity researchers from Check Point set their sights on modern digital single-lens reflex (DSLR) cameras in their latest investigation, and found that Canon devices had been left open to ransomware attacks.

In digital photography, there’s a standardised protocol to transfer digital images from a camera to a computer, which is called the picture transfer protocol (PTP).

Check Point said: “Initially focused on image transfer, PTP now contains dozens of different commands that support anything from taking a live picture to upgrading the camera’s firmware.”

While it’s still possible to transfer photographs from a DSLR camera to PC via USB cable, most new cameras support Wi-Fi, meaning that every Wi-Fi-enabled device in close proximity can access the PTP.

While vulnerabilities relating to this feature have been pointed out in the past, Check Point wanted to see if it was possible to find implementation vulnerabilities in the protocol that would allow someone to take over a camera and infect it with ransomware. The cybersecurity company also noted that there are many other ways an attacker could take advantage of that type of vulnerability.

Researchers tested this out on Canon’s EOS 80D because Canon is the largest DSLR maker and controls 50pc of the market. Check Point also noted that Canon“has an extensive modding community, called Magic Lantern”, which is an “open-source software add-on that adds new features to the Canon EOS Cameras”.

The cybersecurity company detailed how a hacker can hijack the camera while in close proximity, which would allow an attacker to hold your photographs to ransom until a fee was paid to have them returned.

Eyal Itkin, who published the Check Point study, concluded: “Our research shows that any ‘smart’ device, in our case a DSLR camera, is susceptible to attacks. The combination of price, sensitive contents and wide-spread consumer audience makes cameras a lucrative target for attackers.”

Itkin’s team disclosed the vulnerability to Canon on 31 March 2019, and Canon published a patch as part of an official security advisory by 6 August. Check Point verified and approved of Canon’s patch before it was released to the general public.

Itkin added, in a comment to The Verge, that “due to the complexity of the protocol, we do believe that other vendors might be vulnerable as well, however, it depends on their respective implementation”. This means that users with Wi-Fi compatible DSLR devices from other brands may also be at risk.

In order to avoid falling victim to this type of attack, both Check Point and Canon advised users to ensure that their cameras are using the latest firmware and install patches if and when they become available. It’s also recommended that camera owners leave the device’s Wi-Fi turned off when it is not in use.

Kelly Earley was a journalist with Silicon Republic

editorial@siliconrepublic.com