Press "Enter" to skip to content

Even digital cameras are at risk of hacking, security researchers warn

Not even your digital camera is safe from the threat of malicious computer bugs, according to security researchers. 

In a report released earlier this week by analysts at Check Point Software Technologies, researchers detail how they were able to remotely install ransomware on a DSLR by exploiting the standardized Picture Transfer Protocol. 

The protocol, developed to allow the transfer of pictures from a camera to one’s computer via WiFi is a particularly easy target according to researchers. 

The program is unauthenticated — meaning its not protected by password or other security measures — and also able to be exploited through WiFi or USB.

‘Today’s cameras are embedded digital devices that connect to our computers using USB, and the newest models even support WiFi,’ say the researchers.

‘While USB and WiFi are used to import our pictures from the camera to our mobile phone or PC, they also expose our camera to its surrounding environment.’

By leveraging PTP, researchers showed how they were able to gain access to the camera and install ransomware.

A bug designed by the analysts would encrypt images in the device at which point a theoretical hacker could demand a sum of money from a victim in exchange for returning those files.

Researchers show how they were able to plaster this ransom message demanding Bitcoin, on the camera’s display.

‘How you would respond if attackers injected ransomware into both your computer the camera, causing them to hold all of your pictures hostage unless you pay ransom?,’ the researchers write.

In their demonstration, researchers used Canon’s EOS 80D DSLR, a company that they noted is the most popular purveyor of digital cameras, with more than 50 percent of the market share.

Flaws were disclosed to Canon in March and according to Check Point, the company issued a patch as well as a security advisory reminding people not to use unsecured WiFi networks. 

Despite the apparent fix, Check Point says the flaw is likely affecting other models since the protocol is standardized.

‘Although the tested implementation contains many proprietary commands, the protocol is standardized, and is embedded in other cameras,’ write researchers.

‘Based on our results, we believe that similar vulnerabilities can be found in the PTP implementations of other vendors as well.’ 

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *