Published: Wed, August 14, 2019
IT | By Lester Massey

Researchers find security vulnerability in DSLR cameras

Researchers find security vulnerability in DSLR cameras

PTP is a protocol used to transfer images from digital camera to computers with support for both USB cables and Wi-Fi connections.

It is suggested that the Picture Transfer Protocol (PTP) functionality found in DSLRs can easily be exploited, given that the PTP is unauthenticated.

With many newer camera models now supporting WiFi, what was once a USB-exclusive protocol that was accessible only to USB connected devices, is now also accessible to every WiFi-enabled device in close proximity, opening the device up to malicious takeover.

"In our research, we aim to advance beyond the point of accessing and using the protocol's functionality. Attackers can inject ransomware into both the camera and PC", Itkin added.

Besides, an attacker can hijack your PC and propagate malware to the camera encrypting your photos with a key which you will have to pay a ransom in exchange for the decryption key.

Check Point, which presented its findings at the DEF CON hacking conference in Las Vegas on Sunday, informed Canon prior to the presentation and worked together to patch the vulnerabilities in an update released last week.

Check Point Software Technologies has released a report detailing security vulnerabilities in DSLR cameras which allow attackers to infect the devices with ransomware.

Unless photography is your career, photos might not seem like the juiciest ransomware target, but in terms of sentimental value, they can be right up there as the researchers note.

For now, PetaPixel reports that Canon DSLR users with WiFi equipped cameras are being advised to disable the camera's network functions when they are not being used.

"As PTP is widely used by all digital camera vendors, we do believe that similar vulnerabilities will affect other vendors as well", Itkin said.

Itkin's team disclosed the vulnerability to Canon on 31 March 2019, and by 6 August, Canon published a patch as part of an official security advisory. Iktin told The Verge that other devices could be vulnerable as well, due to the complexity of the Picture Transfer Protocol.

However, a wide range of Canon cameras could potentially be at risk. For starters, while most modern DSLR cameras have WiFi built in, the general slow transfer speed means that people tend to transfer directly via SD card, unless they're just moving one or two images. Eventually, he has found a way to compromise the same camera over a wireless network.

Like this: