Canon has issued an official security advisory for it's WiFi capable DSLR cameras after a technology security company released a video showing that they could remotely hack into, and install ransomware on a Canon 80D.
Itkins reached out to Canon regarding this vulnerability back in March and now that this report is made public, Canon has issued a statement warning users to avoid connecting their cameras to open public networks and to disable Wi-Fi when not needed.
Full technical details of the investigation can be found on the Check Point website. But while this particular model was chosen for the experiment, researchers warn that any internet-connected digital camera could be vulnerable to the attacks.
Canon was notified of the potential exploit before it was publicly disclosed, and released patches for its cameras earlier in August.
The researchers presented how an attacker can inject the malware and encrypt photos in the camera's memory using the cryptographic process. USB attacks are another potential point of entry, as owners plug their digital cameras into a PC in order to retrieve images saved on it, or to install new firmware. The researchers noted that while they only worked with Canon, the protocol is "standardized" and embedded in other cameras sold by Canon's competitors.
The researchers got the breakthrough and succeed to find vulnerabilities in the PTP.
Researchers at Check Point Software Technologies revealed how the Picture Transfer Protocol (PTP) can be used to infect a DSLR camera with ransomware. "The combination of price, sensitive contents and wide-spread consumer audience makes cameras a lucrative target for attackers". For starters, while most modern DSLR cameras have WiFi built in, the general slow transfer speed means that people tend to transfer directly via SD card, unless they're just moving one or two images. "As the PTP protocol offers a variety of commands, and is not authenticated or encrypted in any way, he demonstrated how he (mis) used the protocol's functionality for spying over a victim", Check Point stated in a post. Even though Checkpoint focused on Canon hardware for the experiment, he later told The Verge, "due to the complexity of the protocol, we do believe that other vendors might be vulnerable as well, however it depends on their respective implementation".