Data Security

White hat hackers infect Canon DSLR camera with ransomware

In July this year, in-depth research into cybercrime and online threats revealed that in 2018, ransomware-type attacks caused $8 billion in damages. It is believed that ransomware attacks will grow to cost $20 billion in 2021.

To put that risk into a real-life scenario, the IT security researchers at Check Point have detailed a set of vulnerabilities in Canon DSLR cameras which, if exploited, can be used to infect the cameras with ransomware.

In a ransomware attack, attackers can not only take over the targeted device but also lock your files and demand ransom money. One example is the infamous WannaCry ransomware attack on the NHS’s computer system in the United Kingdom.

In a blog post published by Check Point, researchers demonstrated how malicious hackers can remotely infect a Canon DSLR camera with malware and lock users out of their personal data, including private photos and video files, which can be a highly lucrative target for cybercriminals.

According to Check Point’s researcher Eyal Itkin, since the use of Internet-connected devices is surging, companies including digital camera manufacturers like Canon have introduced DSLR models that can connect to WiFi networks and transfer files to a computer using the standardized Picture Transfer Protocol (PTP).

Previously, file transfer was only possible with the help of USB. Itkin noted that PTP is an unauthenticated protocol and any vulnerability in the protocol can be easily exploited over WiFi. Additionally, an attacker can compromise a vulnerable WiFi access point and exploit it at a “tourist attraction” to carry out the attack.

The full list of vulnerabilities exploited by the researchers is as follows:

  • CVE-2019-5994 – Buffer Overflow in SendObjectInfo – 0x100C
  • CVE-2019-5998 – Buffer Overflow in NotifyBtStatus – 0x91F9
  • CVE-2019-5999 – Buffer Overflow in BLERequest – 0x914C
  • CVE-2019-6000 – Buffer Overflow in SendHostInfo – 0x91E4
  • CVE-2019-6001 – Buffer Overflow in SetAdapterBatteryReport – 0x91FD
  • CVE-2019-5995 – Silent malicious firmware update
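For defenders monitoring camera traffic, the Python below (an added example, not Check Point's or Canon's code) walks a reassembled computer-to-camera PTP/IP byte stream and reports requests that carry the opcodes from the list above. The PTP/IP framing used here (little-endian length and type header, type 6 for an operation request) and all function names are assumptions of this example, and the sample packets are constructed.

```python
import struct

# Opcodes taken from the CVE list above: opcode -> (CVE, handler name).
FLAGGED_OPCODES = {
    0x100C: ("CVE-2019-5994", "SendObjectInfo"),
    0x91F9: ("CVE-2019-5998", "NotifyBtStatus"),
    0x914C: ("CVE-2019-5999", "BLERequest"),
    0x91E4: ("CVE-2019-6000", "SendHostInfo"),
    0x91FD: ("CVE-2019-6001", "SetAdapterBatteryReport"),
}
PTPIP_OPERATION_REQUEST = 6       # assumed PTP/IP packet type for a command
HEADER = struct.Struct("<II")     # packet length (header included), packet type
REQUEST = struct.Struct("<IHI")   # data phase info, operation code, transaction id


def flag_requests(stream: bytes):
    """Return flagged operation requests found in a reassembled byte stream."""
    hits, offset = [], 0
    while offset + HEADER.size <= len(stream):
        length, ptype = HEADER.unpack_from(stream, offset)
        # A length smaller than the header or running past the capture means
        # the stream is truncated or not PTP/IP: stop instead of misparsing.
        if length < HEADER.size or offset + length > len(stream):
            hits.append({"offset": offset, "error": "malformed or truncated packet"})
            break
        if ptype == PTPIP_OPERATION_REQUEST and length >= HEADER.size + REQUEST.size:
            _, opcode, txid = REQUEST.unpack_from(stream, offset + HEADER.size)
            if opcode in FLAGGED_OPCODES:
                cve, name = FLAGGED_OPCODES[opcode]
                hits.append({"offset": offset, "opcode": opcode, "name": name,
                             "cve": cve, "transaction": txid})
        offset += length
    return hits


def build_request(opcode: int, txid: int, *params: int) -> bytes:
    """Build a constructed sample request (demo input, not captured traffic)."""
    body = REQUEST.pack(1, opcode, txid)  # data phase value is not inspected
    body += b"".join(struct.pack("<I", p) for p in params)
    return HEADER.pack(HEADER.size + len(body), PTPIP_OPERATION_REQUEST) + body


if __name__ == "__main__":
    # Constructed stream: GetDeviceInfo (0x1001), SendObjectInfo, SendHostInfo.
    sample = (build_request(0x1001, 1) + build_request(0x100C, 2, 0x00010001, 0)
              + build_request(0x91E4, 3))
    for hit in flag_requests(sample):
        print(hit)
```

SendObjectInfo (0x100C) is a standard PTP operation, so a hit marks traffic worth correlating with the camera's firmware version rather than proof of an attack.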

In a video, Itkin demonstrated infecting a Canon EOS 80D with malware that encrypted the photo files on the device’s SD card and displayed the following note on the screen:

Your pictures have been encrypted! We are White hat hackers, don’t worry. A Malicious actor would have taken over your camera, encrypting all of your images for ransom. To stay protected, update the firmware of your camera.

[Image: preview of the ransomware note. Image credit: Check Point]

Under normal circumstances, the IT security community encourages users to back up their data so that cybercriminals cannot blackmail them into paying large ransoms. In this case, however, a backup is no bueno: the attackers already have access to your highly personal photos, and there is no way out other than paying the ransom, with no guarantee against misuse of your data.

“During our research, we found multiple critical vulnerabilities in the Picture Transfer Protocol as implemented by Canon. Although the tested implementation contains many proprietary commands, the protocol is standardized, and is embedded in other cameras. Based on our results, we believe that similar vulnerabilities can be found in the PTP implementations of other vendors as well,” wrote Itkin.

The good news is that thanks to Check Point, Canon has already issued a security advisory and a firmware patch addressing the vulnerability. However, researchers believe similar vulnerabilities can be found in the PTP implementations of other vendors as well since the protocol is standardized, and is embedded in other cameras.

If you are interested in learning how one should protect their device against a ransomware attack, here is a guide on how to do so. Stay safe online!
