Some DSLR cameras are vulnerable to ransomware


Check Point Research reports that some DSLR cameras can be hacked and infected with ransomware:

"Our research shows how an attacker in close proximity (WiFi), or an attacker who already hijacked our PC (USB), can also propagate to and infect our beloved cameras with malware. Imagine how would you respond if attackers inject ransomware into both your computer and the camera, causing them to hold all of your pictures hostage unless you pay ransom."

Here is the video demo:

And Canon's official statement:

Regarding the security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions

Thank you very much for using Canon products.

An international team of security researchers has drawn our attention to a vulnerability related to communications via the Picture Transfer Protocol (PTP), which is used by Canon digital cameras, as well as a vulnerability related to firmware updates.
(CVE-ID: CVE-2019-5994, CVE-2019-5995, CVE-2019-5998, CVE-2019-5999, CVE-2019-6000, CVE-2019-6001)

Due to these vulnerabilities, the potential exists for third-party attack on the camera if the camera is connected to a PC or mobile device that has been hijacked through an unsecured network.

At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm, but in order to ensure that our customers can use our products securely, we would like to inform you of the following workarounds for this issue.

Ensure the suitability of security-related settings of the devices connected to the camera, such as the PC, mobile device, and router being used.
Do not connect the camera to a PC or mobile device that is being used in an unsecure network, such as in a free Wi-Fi environment.
Do not connect the camera to a PC or mobile device that is potentially exposed to virus infections.
Disable the camera’s network functions when they are not being used.
Download the official firmware from Canon’s website when performing a camera firmware update.
Please check the Web site of the Canon sales company in your region for the latest information regarding firmware designed to address this issue.

This entry was posted in Canon. Bookmark the permalink. Trackbacks are closed, but you can post a comment.
  • Back to top