Digital cameras vulnerable to ransomware, Check Point researchers find

Israeli cyber experts identify serious security flaw in digital cameras

Once a Canon EOS 80D camera joined that wireless access point, the researchers were able to remotely install the malware on it.

But as researchers at Check Point Software noticed, a flaw in the Picture Transfer Protocol (PTP) some DSLR cameras use to wirelessly transfer photos could be used to install malware that could encrypt those photos-and keep them encrypted unless the camera's owner agrees to pay a ransom.

In the case of USB connections, attackers that have already hacked the user's PC can exploit the USB connection to infect the camera.

"Initially focused on image transfer, this protocol has evolved to include dozens of different commands that support anything from taking a live picture to upgrading the camera's firmware", the report says. For starters, while most modern DSLR cameras have WiFi built in, the general slow transfer speed means that people tend to transfer directly via SD card, unless they're just moving one or two images.

This makes them more vulnerable to threats as attackers can inject ransomware into both the camera and PC it is connected to.

White Sox, Yankees To Play At Field Of Dreams
Is this heaven? No, it's Iowa. "Iowa's truly a land of opportunity, where you can work hard, dream big and anything can happen". The baseball field is really there, but surprisingly, it has never been used for a real major league game until now.

"The combination of price, sensitive contents with a high personal and emotional value, and widespread consumer audience makes cameras a lucrative target for attackers", the researchers said in a blog post released on Sunday.

The critical flaw in Canon's Picture Transfer Protocol was reveled by Security Company Check Point Research during Hacking Conference DEF CON 2019. "Based on our results", says Check Point, "we believe that similar vulnerabilities can be found in the PTP implementations of other vendors as well". But while this particular model was chosen for the experiment, researchers warn that any internet-connected digital camera could be vulnerable to the attacks.

The researchers downloaded the firmware for the Canon camera and by using tools from the open source community, they were able to reverse engineer the code. "The photos could end up being held hostage until the user pays the ransom for them to be released".

The full research report into the vulnerabilities is available from Check Point. Since then, they've worked together with Canon to patch the vulnerabilities that were found, which is why these findings were released alongside an official Security Advisory from Canon itself.

"At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm", Canon said in the update published on August 6.

Related News:



Most liked

Shweta Tiwari files complaint against husband Abhinav Kohli over domestic violence
There are rumours of their marriage in trouble since a year ago but Shweta had chosen not to comment on her marriage. Later, in 2013, the duo tied the knot in an intimate ceremony in 2012 and are parents to Reyansh Kohli.

Russia Says Explosion Killed Nuclear Workers
In a statement, Rosatom said the accident killed five of its staff and injured three, who suffered burns and other injuries. The Russian Defense Ministry initially said that two people died in the accident involving a liquid-fuel jet engine.

Samsung insists the Galaxy Home speaker is coming soon
And yes, there is an earpiece on the Galaxy Note 10 duo, although it's extremely hard to spot because of the small bezel. Also, one of the new features that Samsung introduced is the capability to zoom into sounds while recording a video.

United States to support post-Brexit Britain with free trade deal, Bolton says
Bolton, in London for two days of talks with British officials, is seeking an improved U.S. "We want to move very quickly". Johnson's spokesman said the Britain wanted the Hong Kong government to engage with all parties in constructive dialogue.

Netflix announces premiere date for The Crown season 3
Tobias Menzies plays her husband, Prince Phillip, and Oscar nominee Helena Bonham Carter portrays her sister, Princess Margaret . The third season of the historical drama will feature an all-new cast in the lead roles.

Steelers WR Coach Darryl Drake Passes Away
Steelers wide receiver JuJu Smith-Schuster tweeted Sunday that Drake was "my favorite coach that I've ever had in this game". Darryl had such an impact on the players he coached and everyone he worked with throughout his entire career.

Scaramucci Says GOP May Need to Replace Trump at Top of Ticket
During the interview, he predicted that the Republican Party as a whole will eventually follow suit. Yet "he knows very little about me", Trump said.

Trump Goes On 'Hollywood Is Racist' Rant After Touting Background Checks
The president did not specify a particular movie but mocked Hollywood for creating violence and chaos in the United States. It stars Hilary Swank as a "deplorable" being hunted by so-called elites.

Hong Kong airport shuts down amid pro-democracy protest
Police responded with tear gas and rubber bullets at various locations - including inside a metro station for the first time. They also argued the bill would give China more control over Hong Kong.

Oakland Raiders’ Antonio Brown Reportedly Warns NFL over New Mandated Helmets
Brown is also not allowed to show up to practice with out-dated equipment as he and the Raiders can be fined for the violation. Last year, Brown was one of 32 players who was grandfathered in and allowed to wear the now-banned helmet .

Look Up, The Best Meteor Shower Of The Year Is Here
Cloudy skies and a bright moon will combine to make it hard , if not impossible, to see the Perseid meteor shower tonight. However, it will face bright interference this year from the moon , which is close to being completely full, NASA said .

Epstein’s Cellmate Transferred Hours Before His Death
Convicted sex-offender and millionaire Jeffrey Epstein was found hanging in his New York City jail cell Saturday. Bill Richardson, Britain's Prince Andrew, wealthy financier Glenn Dubin, former Sen.

Attendant on flight to South Bend charged with public intoxication
Forty-nine-year-old Julianne March of Waukesha , Wisconsin, faces an August 29 initial hearing after being charged Thursday. Feeling frustrated, passenger Aaron Scherb took to Twitter to call out the carrier for their employee's risky behavior.

EU's Juncker tells Britain: no-deal Brexit will hurt you the most
Deploying the "nuclear option" - a vote of no confidence - would probably not block a no-deal exit either. The report acknowledged such a tactic may be possible although it would be highly contentious.

Jio GigaFiber and JioPhone 3 to launch on Monday
They only have to pay a refundable security deposit. "Wireline network connectivity in India continues to remain underserved". Reliance Jio had recently sought suggestions from users of its MyJio app on what should be the name of its broadband service.