Researchers at Israeli cybersecurity firm Check Point Software Technologies Ltd. say they have found that digital cameras are vulnerable to hacking attacks such as ransomware and malware through their USB and WiFi network connections.
“The combination of price, sensitive contents with a high personal and emotional value, and widespread consumer audience makes cameras a lucrative target for attackers,” the researchers said in a blog post released on Sunday.
Since modern cameras no longer use film to capture and reproduce images, the International Imaging Industry Association has set up a protocol known as Picture Transfer Protocol (PTP), which is a standardized set of rules used by camera manufacturers that enables the transfer of digital images from camera to PC. Although most users connect their camera to their PC using a USB cable, newer camera models now support WiFi.
Check Point researchers set out to see if they could access the cameras and take advantage of vulnerabilities in the protocol to infect the camera. The answer unfortunately was “yes.”
“Imagine how would you respond if attackers injected ransomware into both your computer and the camera, causing them to hold your entire library of pictures and videos hostage unless you pay their ransom,” the researchers wrote in the blog post. “If they’re successful, the chances are you’ll have to pay a ransom to free up your beloved camera and picture files — or risk losing them.”
For their research, Check Point used a Canon EOS 80D Digital Single-Lens Reflex (DSLR) camera, which supports both USB and WiFi. “Critical vulnerabilities in the PTP were found,” Check Point said in a statement on Sunday, detailing the study.
Since the protocol is standardized and embedded in other camera brands, Check Point believes “similar vulnerabilities can be found in cameras from other vendors as well,” the statement said.
“Any ‘smart’ device, including the DSLR camera, is susceptible to attacks,” said Eyal Itkin, a security researcher at Check Point. “Cameras are no longer just connected to the USB, but to the WiFi network and its surrounding environment. This makes them more vulnerable to threats as attackers can inject ransomware into both the camera and PC it is connected to. The photos could end up being held hostage until the user pays the ransom for them to be released.”
The researchers say there are a few things camera owners can do to avoid being infected: make sure the camera is using the latest version issued by the firm, and install a patch if available; turn off the camera’s WiFi when not in use; when using WiFi, use the camera as the WiFi access point, rather than connecting the camera to a public WiFi network.
Check Point researchers informed Canon about the vulnerabilities and the companies worked together to patch them. Canon published the patch as part of an official security advisory in both English and Japanese.