Researchers show how easy it is to inject a DSLR camera with ransomware

Hackers can encrypt a camera using just a Wi-Fi connection, demo shows

Hacked camera

Researchers have developed a working exploit that allows ransomware to be remotely deployed on DSLR cameras, encrypting all photos on an inserted SD card.

The attack was demonstrated on a Canon EOS 80D and can be performed over both USB and Wi-Fi if a victim was connected to an unsecured public network.

Ransomware can take over a modern DSLR by exploiting the popular Picture Transfer Protocol (PTP) which is used by cameras for a whole host of tasks such as image transfer, taking live pictures and even updating the camera's firmware.

The protocol is an attacker's delight because it's both unauthenticated and supports "dozens of different complex commands," researcher Eyal Itkin of Check Point said in a blog post.

Check Point chose to target the Canon EOS 80D due to Canon's dominance in the DSLR space (controlling more than 50% of the market) and the fact it supports both Wi-Fi and USB.

Canon also has an extensive modding community called Magic Lantern, meaning some initial exploration of the camera's firmware has already been conducted by its users.

"Attackers are profit-maximisers, they strive to get the maximum impact (profit) with minimal effort (cost)," said Itkin. "In this case, research on Canon cameras will have the highest impact for users, and will be the easiest to start, thanks to the existing documentation created by the ML community."

This form of ransomware distribution could be especially lucrative to attackers due to the high sentimental value people place on photos. People may be more likely to pay out the attacker's ransom demands to preserve cherished memories.

The attack could be particularly effective in tourist hotspot areas where potential victims are connected to the same unsecured Wi-Fi networks as the attackers. The researchers show how quickly a camera could be infected in the video below, complete with a typical ransomware splash page - just like on a PC.

"Chaining everything together requires the attacker to first set-up a rogue WiFi Access Point," said Itkin. "This can be easily achieved by first sniffing the network and then faking the AP to have the same name as the one the camera automatically attempts to connect. Once the attacker is within the same LAN as the camera, he can initiate the exploit."

Exploiting PTP is nothing new. At the Hack in the Box 2013 security conference, researcher Daniel Mende showed how it could be leveraged to access a camera, but Check Point are thought to be the first to show that malware can be deployed using this method.

Canon released a patch for the issue along with a security advisory last week.

Although the exploit was only proven using a Canon camera, "due to the complexity of the protocol, we do believe that other vendors might be vulnerable as well, however it depends on their respective implementation," Itkin told The Verge.

"This is an interesting vulnerability. It does, however, require the victim to be connected to a rogue wifi hotspot which limits the attacker to being in close physical proximity to the intended victim," said Javvad Malik, security awareness advocate at KnowBe4.

"For some, having ransomware on their camera may be little more than a minor inconvenience where a memory card needs to be discarded," he added. "The impact to a professional photographer, like a journalist, or wedding photographer would be significant - so those professionals should be taking extra precautions regardless of this particular vulnerability."

Ransomware has seen somewhat of a resurgence in 2019, according to figures from SonicWall in July.

Attacks of this type on UK businesses fell in early 2019 but had surged 195% by the second half of the year - 6.4 million cases in total.

Elsewhere, two Floridian towns paid ransoms to regain control of their municipal systems which, when combined, cost more than $1 million. Baltimore was also attacked a month earlier.

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Cyber security firm saw attacks rise by 20% during 2020
cyber security

Cyber security firm saw attacks rise by 20% during 2020

23 Feb 2021
What to look for in a secure cloud system
cloud security

What to look for in a secure cloud system

23 Feb 2021
Hackers turn to 'silent stealing' in bid to exploit home workers
scams

Hackers turn to 'silent stealing' in bid to exploit home workers

22 Feb 2021

Most Popular

Mysterious Silver Sparrow malware hits 30,000 macOS devices
malware

Mysterious Silver Sparrow malware hits 30,000 macOS devices

22 Feb 2021
IBM reportedly mulls sale of Watson Health business
mergers and acquisitions

IBM reportedly mulls sale of Watson Health business

22 Feb 2021
Microsoft to launch standalone Office 2021 suite
Microsoft Office

Microsoft to launch standalone Office 2021 suite

19 Feb 2021