Security researchers find that DSLR cameras also vulnerable to malware and ransomware attacks

It is not just your phone or computer that are vulnerable to hacking. Security researchers have now warned that even DSLR cameras are not immune to ransomware and malware attacks. Threat actors can take control of data on modern cameras, found the researchers from cybersecurity firm Check Point Software Technologies. “Any ‘smart’ device, including the DSLR camera, is susceptible to attacks,” said Eyal Itkin, Security Researcher, Check Point Software Technologies.

DSLR camera security flaw details

“Cameras are no longer just connected to the USB, but to the WiFi network and its surrounding environment. Attackers can inject ransomware into both the camera and PC,” Itkin added. The attackers could hold the photos hostage until the user pays the ransom after an attack.

The International Imaging Industry Association devised a standardized protocol known as Picture Transfer Protocol (PTP) to transfer digital images from the camera to PC. Initially focused on image transfer, this protocol has evolved to include dozens of different commands that support anything from taking a live picture to upgrading the camera’s firmware.

Check Point Research aimed to access the cameras and exploit vulnerabilities in the protocol to infect the camera. Check Point used Canon’s EOS 80D DSLR camera which supports both USB and Wi-Fi. After digging in, the researchers found critical vulnerabilities in the Picture Transfer Protocol. Check Point Research informed Canon about the vulnerabilities and the companies worked together to patch them. Canon published the patch to fix the DSLR camera security flaw as part of an official security advisory.

The researchers believe camera models from other vendors may also include similar vulnerabilities. The researchers also clarified their hypothesis stating that the protocol is standardized. This means that other camera makers may have used the same protocol for their camera models. To avoid attacks, camera owners should make sure that they are using the latest firmware version, and install a patch if available, Check Point recommended.

Other camera makers including Nikon, Sony, and others have not released any statements regarding the flaw. It is also worth noting that the security researchers did not test any camera models from these companies. It is likely that these companies may conduct an audit on their camera models to fix flaws.

With inputs from IANS