13 Aug 2019
Hackers can lock your DSLR photos with ransomware: Here's how
They pose a major threat to cybersecurity, and now, a group of researchers has argued that these attacks go beyond PCs and can even lock away your DSLR cameras.
Yep, your camera, which isn't even connected to the internet!
Here's all about it.
Ransomware attacks on DSLR cameras
Just recently, security researchers from Check Point Software published a report claiming bad actors within the range of your DSLR's Wi-Fi can use sophisticated techniques to carry out a ransomware attack.
They could install malware on some DSLR and mirrorless cameras and encrypt the personal photos on the device unless the owner agrees to pay a certain amount of money to have them unlocked.
How the malware can be installed
DSLR cameras don't have internet (a common attack vector) but they do have the Picture Transfer Protocol that allows the transfer of images to computers and other devices via USB/Wi-Fi.
The researchers noticed that PTP is unauthenticated and can easily be leveraged by an attacker using an infected Wi-Fi access point to plant dangerous, file-encrypting malware.
They even demonstrated the possible attack
To explain the case, the researchers set up a rogue Wi-Fi access point and used it as a vector to gain access to and lock the SD card of a Canon EOS80D in range.
Once the malware encrypted the card, the owner of the DSLR could see nothing but a message noting that the photos won't be available unless they pay a ransom.
A number of cameras could be vulnerable
While the researchers behind this discovery informed Canon, prompting the company to issue a patch, there might be many vulnerable DSLRs.
Specifically, all Canon DSLRs, from EOS 70D to the mirrorless EOS R, that have not installed the patch could be vulnerable as well as shooters from other manufacturers (like Nikon) using the PTP standard are likely to be at risk, The Verge reports.
How to avoid these attacks
Unless there is a security patch for your camera, dodging unsecured Wi-Fi networks is the only way to avoid these attacks. Personal photos make a lucrative target for attackers, which means you'd have to be very careful while using wireless network functions in public.