Strava Technologies (P) LTD
The threat of ransomware is becoming more prevalent and severe as attackers' focus has now moved beyond computers to smartphones and other Internet-connected smart devices.
Check Point demonstrated how easy it is for hackers to remotely infect a digital DSLR camera with ransomware and hold private photos and videos hostage until victims pay a ransom.
It discovered several security vulnerabilities in the firmware of Canon cameras that can be exploited over both USB and WiFi, allowing attackers to compromise and take over the camera and its features.
All these vulnerabilities, listed below, reside in the way Canon implements Picture Transfer Protocol (PTP) in its firmware, a standard protocol that modern DSLR cameras use to transfer files between the camera and a computer or mobile device over a wired (USB) or wireless (WiFi) connection.
Besides file transfer, Picture Transfer Protocol also supports dozens of commands to remotely handle many other tasks on camera—from taking live pictures to upgrading the camera's firmware—many of which have been found vulnerable.
Canon's PTP operations neither require authentication nor use encryption in any way, allowing attackers to compromise the DSLR camera in the following scenarios:
"This can be easily achieved by first sniffing the network and then faking the AP to have the same name as the one the camera automatically attempts to connect. Once the attacker is within the same LAN as the camera, he can initiate the exploit,"
As a proof of concept, the researcher successfully exploited one of these vulnerabilities, which allowed them to push and install a malicious firmware update on a targeted DSLR camera over WiFi—with no interaction required from the victim.
As shown in the video demonstration, the malicious firmware was modified to encrypt all files on the camera and display a ransom demand on its screen using the same built-in AES functions that Canon uses to protect its firmware. "There is a PTP command for a remote firmware update, which requires zero user interaction," the researcher explains. "This means that even if all of the implementation vulnerabilities are patched, an attacker can still infect the camera using a malicious firmware update file."
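Because the PTP operations described above are sent unauthenticated and unencrypted, a defender can read them straight off the network a camera joins. The following is an added example, not code from Check Point or Canon: it assumes the PTP/IP framing (little-endian length and packet type, with type 6 carrying an operation request) and the vendor-extension opcode range 0x9000-0x9FFF from the PTP standard; the host addresses, the `trusted_hosts` allowlist and the sample frames (including the placeholder vendor opcode 0x9FFF) are constructed.

```python
import struct

PTPIP_OPERATION_REQUEST = 6                  # PTP/IP packet type for a command
VENDOR_OPCODE_RANGE = range(0x9000, 0xA000)  # vendor-extension operations
STANDARD_OPS = {0x1001: "GetDeviceInfo", 0x1002: "OpenSession",
                0x1009: "GetObject", 0x100D: "SendObject"}

def parse_operation_requests(stream: bytes):
    """Yield (opcode, transaction_id) for each operation request in a TCP payload."""
    offset = 0
    while offset + 8 <= len(stream):
        length, ptype = struct.unpack_from("<II", stream, offset)
        if length < 8 or offset + length > len(stream):
            break  # truncated or malformed frame: stop rather than guess
        if ptype == PTPIP_OPERATION_REQUEST and length >= 18:
            # payload: data-phase field (4), opcode (2), transaction id (4)
            _phase, opcode, txid = struct.unpack_from("<IHI", stream, offset + 8)
            yield opcode, txid
        offset += length

def review_flow(src_ip: str, stream: bytes, trusted_hosts: set):
    """Return findings for one client-to-camera flow."""
    findings = []
    for opcode, _txid in parse_operation_requests(stream):
        name = STANDARD_OPS.get(opcode, hex(opcode))
        if src_ip not in trusted_hosts:
            findings.append((src_ip, name, "PTP operation from untrusted host"))
        elif opcode in VENDOR_OPCODE_RANGE:
            findings.append((src_ip, name, "vendor-extension operation; review"))
    return findings

def build_request(opcode: int, txid: int, params=()):
    """Construct a sample operation-request frame (test data only)."""
    body = struct.pack("<IHI", 1, opcode, txid)
    body += b"".join(struct.pack("<I", p) for p in params)
    return struct.pack("<II", 8 + len(body), PTPIP_OPERATION_REQUEST) + body

# Constructed sample: a session open followed by a placeholder vendor operation.
SAMPLE = build_request(0x1002, 0, (1,)) + build_request(0x9FFF, 1)

if __name__ == "__main__":
    trusted = {"192.0.2.10"}  # constructed allowlist of the owner's hosts
    for src in ("192.0.2.10", "192.0.2.66"):
        for finding in review_flow(src, SAMPLE, trusted):
            print(finding)
```
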
A real ransomware attack of this type is one of the biggest threats to your precious memories, since hackers can typically demand money in exchange for the decryption key that would unlock your photos, videos and audio files.
Researchers responsibly reported these vulnerabilities to Canon in March this year. However, the company has so far released updated firmware only for the Canon EOS 80D model and has recommended that users of other affected models follow basic security practices until patches for their devices become available.