As a result, Canon has also issued an official security advisory addressing the researchers' discovery, advising users to avoid connecting their cameras to unsecure networks or devices, disabling their camera's network functions when not in use, and ensuring they've updated to the latest firmware for their shooter.
"The combination of price, sensitive contents with a high personal and emotional value, and widespread consumer audience makes cameras a lucrative target for attackers", the researchers said in a blog post released on Sunday.
Digital cameras use Picture Transfer Protocol (PTP) to transfer digital files and the firm's researchers discovered how to exploit vulnerabilities in the protocol to infect a camera with ransomware, which they showed off at this year's Defcon security conference.More news: Martin Brundle warns Alex Albon about Red Bull move
The researchers looked at the Canon EOS 80D because it has both USB and Wi-Fi connectivity, as well as an extensive modding community which provides open source software for the camera. Once they had control, they were able to install "ransomware," encrypting all of the photos on the SD card and holding them hostage until and unless the victim pays a sum of money (usually in cryptocurrency) to receive the encryption key and unscramble their images.
"Any "smart" device, including the DSLR camera, is susceptible to attacks", said Eyal Itkin, a security researcher at Check Point. Though Check Point's research only examined the flaw in Canon cameras, cameras from other manufacturers could be affected as well. However, Check Point warns that not just this camera but any internet-connected digital camera could be vulnerable to ransomware attacks. This makes them more vulnerable to threats as attackers can inject ransomware into both the camera and PC it is connected to. Canon has released one.
Although most users connect their camera to their PC using a USB cable, newer camera models now support WiFi.More news: LG G8X Expected To Launch At IFA 2019
Again, we should stress that this is not necessarily a Canon-specific issue, as it is the Picture Transfer Protocol itself (rather than the cameras) that exhibits the security flaw.
As Canon explains, there have been no reported cases of this vulnerability actually being exploited to install ransomware IRL, but now that the info is out there, the company is working as quickly as possible to patch affected DSLRs.
Full technical details of the investigation can be found on the Check Point website.More news: Scaramucci: Trump's Policies Good; His Rhetoric Isn't
- DOJ: Friend of Dayton shooter to face federal charges
- Three Congolese doctors arrested in connection with World Health Organization official's death
- Canadian police reveal cause of death of teen killers
- Bolton says U.S. ready to negotiate post-Brexit trade pact
- Missy Elliott to receive Michael Jackson Video Vanguard Award at 2019 VMAs
- Fortnite World Champ "Bugha" swatted during Sunday livestream
- Trump Administration Makes it Easier to Deny Gov't Assistance for Immigrants
- Vikings get kicker/punter Kaare Vedvik in trade with Ravens
- NARIT: Asteroid 2006 QQ23 would not hit Planet Earth
- Environmentalists warn Trump 'weakening' endangered species protections