Researchers’ Canon Camera test: DSLR photos could be a target of ransomware attackers

Cameras are devices that are not connected to the Internet, and so they are assumed to be immune to hackers. However, the latest research into malware infections shows some alarming effects. Researchers have discovered that some DSLRs can be a target of ransomware infection. This is made possible by a weakness in PTP (Picture Transfer Protocol). Hackers exploit this and inject their malware directly onto the memory card. This results in encryption of the photos, and a ransom payment is demanded for their alleged recovery.

Check Point Software found that PTP is vulnerable to ransomware attacks. As a proof of concept, the researchers demonstrated how Canon models are affected. They uncovered the flaws in the Canon EOS 80D by using firmware. They set up a rogue Wi-Fi access point. Once the attackers were in range of the camera, they injected malware that encrypts the photos. The camera's owner then sees a message stating that the photos are no longer available unless a ransom is paid.

The list of the vulnerabilities exploited includes:

  • CVE-2019-5994 — Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras.
  • CVE-2019-5995 — Missing authorization vulnerability exists in EOS series digital cameras.
  • CVE-2019-5998 — Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras.
  • CVE-2019-5999 — Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras.
  • CVE-2019-6000 — Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras.
  • CVE-2019-6001 — Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras.
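
Most of the entries above are buffer overflows in PTP handling. As an added illustration (not code from Canon, Check Point or the original article), the following C example shows the length checks a PTP parser needs before copying data taken from a received container. It assumes the PTP generic container layout and the PTP string encoding; the function names, the handler and the sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
/* PTP generic container header: length(4) type(2) code(2) transaction_id(4), little-endian */
#define PTP_HDR_LEN 12u
enum { PTP_ESHORT = -1, PTP_ELEN = -2, PTP_ESTR = -3, PTP_EDST = -4 };
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Returns the payload length, or a negative error. The declared length is
   accepted only if it equals the number of bytes actually received. */
long ptp_payload_len(const uint8_t *buf, size_t got)
{
    if (got < PTP_HDR_LEN) return PTP_ESHORT;
    uint32_t declared = rd32(buf);
    if (declared < PTP_HDR_LEN || declared != got) return PTP_ELEN;
    return (long)(declared - PTP_HDR_LEN);
}

/* Copies a PTP string (1-byte character count including the NUL, then UCS-2LE
   characters) into dst. Returns characters copied, or a negative error. */
int ptp_read_string(const uint8_t *p, size_t avail, uint16_t *dst, size_t dst_chars)
{
    if (avail < 1) return PTP_ESHORT;
    size_t n = p[0];
    if (n == 0) return 0;                        /* empty string: nothing copied */
    if (1 + 2 * n > avail) return PTP_ESTR;      /* count runs past the payload */
    if (n > dst_chars) return PTP_EDST;          /* would overflow the destination */
    for (size_t i = 0; i < n; i++) dst[i] = rd16(p + 1 + 2 * i);
    return dst[n - 1] == 0 ? (int)n : PTP_ESTR;  /* must be NUL-terminated */
}

/* Hypothetical handler: validate the container, then read one string from it. */
int handle_container(const uint8_t *buf, size_t got, uint16_t *name, size_t name_chars)
{
    long plen = ptp_payload_len(buf, got);
    if (plen < 0) return (int)plen;
    return ptp_read_string(buf + PTP_HDR_LEN, (size_t)plen, name, name_chars);
}

/* Constructed samples (type 2 = data block, placeholder code 0): a well-formed
   container carrying "A", and one whose string count (0x40) exceeds the payload. */
const uint8_t sample_ok[]  = {17,0,0,0, 2,0, 0,0, 1,0,0,0, 2, 'A',0, 0,0};
const uint8_t sample_bad[] = {17,0,0,0, 2,0, 0,0, 1,0,0,0, 0x40, 'A',0, 0,0};

int main(void)
{
    uint16_t name[8];
    return handle_container(sample_ok, sizeof sample_ok, name, 8) == 2 ? 0 : 1;
}
```

Every length that arrives in the packet (the container length and the string's character count) is checked against both the bytes received and the destination capacity before any copy takes place.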

Because the Magic Lantern firmware makes it possible to study the camera's behavior, Canon cameras are regarded as easy to hack. In March, the vulnerability was disclosed to Canon. Canon issued an advisory telling users to avoid unsecured Wi-Fi, turn off network functions and install a new security patch. No evidence of any such attacks in the wild has been reported so far.