Canon DSLR Cameras Can Be Hacked With Ransomware Remotely
Ransomware has become a major threat to computer systems in recent years, as high-profile attacks have locked users out of personal computers, hospitals, city governments, and even The Weather Channel. That personal touch is long gone, replaced by encrypted files and a blunt demand for Bitcoin.
Cameras are among the few devices that don’t connect to the internet, so you’d think they’d be immune to hackers. However, researchers have discovered that some DSLRs and mirrorless cameras are actually vulnerable to ransomware attacks, of all things.
Canon has issued an official security advisory for its WiFi-connected DSLRs after a security company showed that they could remotely hack into and install ransomware on a Canon 80D. The findings, which were shared with Canon ahead of the public reveal, have left Canon scrambling to patch a serious security flaw.
You can read the full details of how the researchers pulled off the attack here, but the long and short of it is that they were able to take advantage of the camera’s WiFi connection to encrypt all the photos on the device, and then flash up the familiar demand for cash.
The hack was built using the extensive information already available through Magic Lantern, making Canon the most convenient target for Hackers, but it’s entirely possible that the same security vulnerabilities are present in other manufacturers’ wireless transfer protocols. “Based on our results,” says Check Point, “we believe that similar vulnerabilities can be found in the PTP implementations of other vendors as well.”
The good news is that while Check Point has shown ransomware on cameras to be technically possible, it’s still a pretty unlikely hack to be pulled off in the wild. For starters, while most modern DSLR cameras have WiFi built-in, the general slow transfer speed means that people tend to transfer directly via SD card unless they’re just moving one or two images. And if there are only one or two images, then any ransom is likely to be ignored.
Perhaps more importantly, even if you do use the Wi-Fi functionality to transfer photos, the chances are that you’ll do this in the comfort of your own home, rather than through an insecure public Wi-Fi hot spot.