Science

13 Aug 2019

Hackers can lock your DSLR photos with ransomware: Here's how

Even with advanced security protocols, ransomware attacks are happening all over the world, locking personal computers as well as government/hospital workstations.

They pose a major threat to cybersecurity, and now, a group of researchers has argued that these attacks go beyond PCs and can even lock away your DSLR cameras.

Yep, your camera, which isn't even connected to the internet!

Here's all about it.

Attack

Ransomware attacks on DSLR cameras

Just recently, security researchers from Check Point Software published a report claiming bad actors within the range of your DSLR's Wi-Fi can use sophisticated techniques to carry out a ransomware attack.

They could install malware on some DSLR and mirrorless cameras and encrypt the personal photos on the device unless the owner agrees to pay a certain amount of money to have them unlocked.

Details

How the malware can be installed

How the malware can be installed

DSLR cameras don't have internet (a common attack vector) but they do have the Picture Transfer Protocol that allows the transfer of images to computers and other devices via USB/Wi-Fi.

The researchers noticed that PTP is unauthenticated and can easily be leveraged by an attacker using an infected Wi-Fi access point to plant dangerous, file-encrypting malware.

Love Tech news?

Stay updated with the latest happenings.

Yes, notify me

Demonstration

They even demonstrated the possible attack

To explain the case, the researchers set up a rogue Wi-Fi access point and used it as a vector to gain access to and lock the SD card of a Canon EOS80D in range.

Once the malware encrypted the card, the owner of the DSLR could see nothing but a message noting that the photos won't be available unless they pay a ransom.

Risk

A number of cameras could be vulnerable

A number of cameras could be vulnerable

While the researchers behind this discovery informed Canon, prompting the company to issue a patch, there might be many vulnerable DSLRs.

Specifically, all Canon DSLRs, from EOS 70D to the mirrorless EOS R, that have not installed the patch could be vulnerable as well as shooters from other manufacturers (like Nikon) using the PTP standard are likely to be at risk, The Verge reports.

How to avoid these attacks

Unless there is a security patch for your camera, dodging unsecured Wi-Fi networks is the only way to avoid these attacks. Personal photos make a lucrative target for attackers, which means you'd have to be very careful while using wireless network functions in public.

Share this timeline

Dslr Camera

Ransomware

Security

Canon DSLR

Canon DSLRs

Canon EOS80D

Check Point Software

DSLR

EOS 70D

EOS R

Picture Transfer Protocol

PTP

SD

Verge

Share this timeline

Ask NewsBytes
User Image

Next Timeline