Recent security research has produced an alarming finding: popular DSLR cameras are prone to ransomware infections. This is made possible by inherent weaknesses in PTP (Picture Transfer Protocol), the main protocol they use, which can be manipulated into placing ransomware directly onto the cameras' memory cards. This can result in the victims' files being encrypted and the victims being blackmailed. In a proof-of-concept model the researchers demonstrate how Canon models are particularly affected by this.
DSLR Cameras Can Be Targeted With Dangerous Ransomware
Recently a security research team discovered that DSLR cameras, which are among the most commonly used devices, can easily fall victim to a ransomware infection. This is made easy by the widespread adoption of a file transfer protocol called PTP, which stands for Picture Transfer Protocol. It is mostly used for transferring photos and videos from the memory card onto a given host computer. One of the newer revisions of this protocol allows the devices to do this via a local Wi-Fi network which is maintained for the duration of the process. However, its security does not meet the strict standards which are recommended for this type of operation.
According to a proof-of-concept model, an attacker can easily sniff the GUID of the camera and manipulate the network traffic into making the camera believe that the trusted host is sending the commands. The analysis shows that the tested cameras do not authenticate the users or use any strict security precautions. This leads to two particular modes of infection which are most likely to be encountered in a real attack:
- USB Vector — This is done by first implanting malware onto the victim’s computer and then checking whether a DSLR camera is attached via the USB port. If a device is connected, the ransomware will be deployed to it by abusing the protocol.
- Wi-Fi Network Abuse — The hackers can create a rogue access point at a densely populated location and, using a crafted GUID, initiate remote sessions to the cameras.
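Because the GUID is the only thing identifying the trusted host, a defender who monitors their own network can flag PTP/IP session requests whose GUID is unknown or arrives from an unexpected address. The sketch below is an added example, not code from the researchers or from Canon; it assumes the Init Command Request layout of the PTP/IP specification (length, packet type, 16-byte GUID, UTF-16 name, version), and the inventory, GUIDs, names and addresses are constructed.

```python
import struct

INIT_COMMAND_REQUEST = 1  # PTP/IP packet type for the host's first message

def parse_init_request(payload: bytes):
    """Return (guid_hex, friendly_name), or None if this is not a
    well-formed PTP/IP Init Command Request."""
    if len(payload) < 30:  # 8 header + 16 GUID + 2 NUL + 4 version
        return None
    length, ptype = struct.unpack_from("<II", payload, 0)
    if ptype != INIT_COMMAND_REQUEST or length != len(payload):
        return None
    name_raw = payload[24:-4]  # UTF-16LE name; last 4 bytes are the version
    if len(name_raw) % 2:
        return None
    name = name_raw.decode("utf-16-le", errors="replace").rstrip("\x00")
    return payload[8:24].hex(), name

def find_suspect_sessions(events, trusted):
    """events: (src_ip, payload) pairs; trusted: {guid_hex: expected src_ip}.
    Returns (src_ip, guid_hex, reason) for every session worth a look."""
    alerts = []
    for src_ip, payload in events:
        parsed = parse_init_request(payload)
        if parsed is None:
            continue
        guid, _name = parsed
        if guid not in trusted:
            alerts.append((src_ip, guid, "unknown initiator GUID"))
        elif trusted[guid] != src_ip:
            alerts.append((src_ip, guid, "trusted GUID from unexpected address"))
    return alerts

def constructed_request(guid: bytes, name: str) -> bytes:
    """Build sample data for this example only (not captured traffic)."""
    body = guid + (name + "\x00").encode("utf-16-le") + struct.pack("<I", 0x00010000)
    return struct.pack("<II", 8 + len(body), INIT_COMMAND_REQUEST) + body

# Constructed inventory and events: all GUIDs, names and addresses are made up.
LAPTOP_GUID = bytes(range(16))
TRUSTED = {LAPTOP_GUID.hex(): "192.168.1.10"}
SAMPLE_EVENTS = [
    ("192.168.1.10", constructed_request(LAPTOP_GUID, "Studio-Laptop")),
    ("192.168.1.77", constructed_request(LAPTOP_GUID, "Studio-Laptop")),
    ("192.168.1.88", constructed_request(b"\xaa" * 16, "Guest")),
    ("192.168.1.10", b"\x00" * 12),  # malformed, ignored
]

if __name__ == "__main__":
    for alert in find_suspect_sessions(SAMPLE_EVENTS, TRUSTED):
        print(alert)
```

A check like this only covers networks you monitor; it cannot see a session started over a rogue network the camera joins elsewhere.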
What’s worrying is that Canon users are particularly affected. The list of related vulnerabilities which are exploited includes the following:
- CVE-2019-5994 — Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras.
- CVE-2019-5998 — Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras.
- CVE-2019-5999 — Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras.
- CVE-2019-6000 — Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras.
- CVE-2019-6001 — Buffer overflow in PTP (Picture Transfer Protocol) of EOS series digital cameras.
- CVE-2019-5995 — Missing authorization vulnerability exists in EOS series digital cameras.
Canon cameras are regarded as easily hackable because the security researchers used an aftermarket firmware called “Magic Lantern” to study the camera’s behavior. At the moment the attacks are still regarded as theoretical; no live attacks have been reported so far.
Canon has released a security statement which gives advice to camera owners on some of the better.