By exploiting security vulnerabilities in popular internet-connected digital DSLR cameras, hackers could infect them with ransomware to render the devices useless or to deploy other types of malware on larger networks according to new research from Check Point Software.
Digital cameras use Picture Transfer Protocol (PTP) to transfer digital files and the firm’s researchers discovered how to exploit vulnerabilities in the protocol to infect a camera with ransomware, which they showed off at this year’s Defcon security conference.
Check Point decided to use the Canon EOS 80D for its tests as the device has both USB and Wi-Fi connectivity along with an active modding community that develops open source software for the camera. However, Check Point warns that not just this camera but any internet-connected digital camera could be vulnerable to ransomware attacks.
The researchers downloaded the firmware for the Canon camera and by using tools from the open source community, they were able to reverse engineer the code. They discovered several vulnerabilities including buffer flows that enabled code execution. This could be exploited to take control of a camera remotely using a malicious firmware update that would allow ransomware to be deployed.
This attack could also be executed through physical access to the camera via USB or by tricking a user into connecting to a rogue wireless network.
In addition to the threat of having all of the photos stored on a device locked as a result of a ransomware attack, malware installed on a digital camera could also be used to launch other attacks.
Security researcher at Check Point, Eyal Itkin explained to ZDNet how a compromised camera could pose a serious risk to businesses, saying:
“Once compromised, the attacker has full control over the camera, and they could brick it, use it as an espionage tool, or ransomware it as we demonstrated. These vulnerabilities are critical and could cause major harm to any business or industry that relies on digital cameras.”
Since PTP is used by many different devices, it is also possible that other cameras could be impacted by similar attacks.
Check Point disclosed the vulnerabilities it found to Canon and the company has issued a security update for all of its devices. This attack method has yet to be used in the wild but Canon still recommends that all users apply the update.