A visitor looks through Canon's first full-frame mirrorless digital camera Eos R during the first
After setting up a rogue Wi-Fi access point, which could be placed at a tourist attraction, and once the camera is in range and connected, an exploit is run that accesses the SD card and encrypts any photos it contains.
Check Point Software noticed that the Picture Transfer Protocol (PTP) - which is unauthenticated in both wired and wireless modes - is particularly vulnerable to malware attacks. But while this particular model was chosen for the experiment, researchers warn that any internet-connected digital camera could be vulnerable to the attacks.
Do not connect the camera to a PC or mobile device that is potentially exposed to virus infections.
The critical flaw in Canon's Picture Transfer Protocol was reveled by Security Company Check Point Research during Hacking Conference DEF CON 2019.
The researchers say there are a few things camera owners can do to avoid being infected: make sure the camera is using the latest version issued by the firm, and install a patch if available; turn off the camera's WiFi when not in use; when using WiFi, use the camera as the WiFi access point, rather than connecting the camera to a public WiFi network. The attack could ultimately end up with the photos on the camera being locked by ransomware.
Unless photography is your career, photos might not seem like the juiciest ransomware target, but in terms of sentimental value, they can be right up there as the researchers note.
While malware on a camera might not sound like an immediate issue for an enterprise, it's entirely possible that a compromised device could be used as a stepping stone for other attacks.
"Initially focused on image transfer, this protocol has evolved to include dozens of different commands that support anything from taking a live picture to upgrading the camera's firmware", the report says. "Our research is just one more example to the relatively low state of security in day-to-day embedded devices", he added. Since then, they've worked together with Canon to patch the vulnerabilities that were found, which is why these findings were released alongside an official Security Advisory from Canon itself.
If you use a Canon DSLR and haven't seen a firmware update in a while, it's probably an excellent idea to keep an eye on Canon's support page until you do.
The details of the vulnerability and how it was exploited are complicated, and you can read all about it on Check Point Research's website.
Noticias recomendada
- Un muerto y 34 lesiones en accidente masivo en Ciego de Ávila
- Schedule release: Celtics open season October 23 in Philly
- Patriots boost tight end depth, acquire Saubert from Falcons
- ‘Unprecedented’: Supermassive Black Hole at Our Galaxy’s Center Just Flashed Like Crazy
- Stephen King comparte su opinión sobre La Casa de Papel: Parte 3
- Spoiler: Filtran video que anticiparía triunfo de Nicolás Gavilán en "Pasapalabra"
- Gesta histórica: Fabrizio Zanotti logra primera la medalla de oro para Paraguay
- Thai racer Albon trades places with Gasly on Red Bull F1 team
- Five killed in test accident at state nuclear company in Russian Federation
- FIFA World Cup: A tournament for everyone
