As a result, Canon has also issued an official security advisory addressing the researchers' discovery, advising users to avoid connecting their cameras to unsecure networks or devices, disabling their camera's network functions when not in use, and ensuring they've updated to the latest firmware for their shooter.
"The combination of price, sensitive contents with a high personal and emotional value, and widespread consumer audience makes cameras a lucrative target for attackers", the researchers said in a blog post released on Sunday.
Digital cameras use Picture Transfer Protocol (PTP) to transfer digital files and the firm's researchers discovered how to exploit vulnerabilities in the protocol to infect a camera with ransomware, which they showed off at this year's Defcon security conference.More news: Bolton says U.S. ready to negotiate post-Brexit trade pact
The researchers looked at the Canon EOS 80D because it has both USB and Wi-Fi connectivity, as well as an extensive modding community which provides open source software for the camera. Once they had control, they were able to install "ransomware," encrypting all of the photos on the SD card and holding them hostage until and unless the victim pays a sum of money (usually in cryptocurrency) to receive the encryption key and unscramble their images.
"Any "smart" device, including the DSLR camera, is susceptible to attacks", said Eyal Itkin, a security researcher at Check Point. Though Check Point's research only examined the flaw in Canon cameras, cameras from other manufacturers could be affected as well. However, Check Point warns that not just this camera but any internet-connected digital camera could be vulnerable to ransomware attacks. This makes them more vulnerable to threats as attackers can inject ransomware into both the camera and PC it is connected to. Canon has released one.
Although most users connect their camera to their PC using a USB cable, newer camera models now support WiFi.More news: Mahesh Bhupathi named captain for India-Pakistan Davis Cup tie
Again, we should stress that this is not necessarily a Canon-specific issue, as it is the Picture Transfer Protocol itself (rather than the cameras) that exhibits the security flaw.
As Canon explains, there have been no reported cases of this vulnerability actually being exploited to install ransomware IRL, but now that the info is out there, the company is working as quickly as possible to patch affected DSLRs.
Full technical details of the investigation can be found on the Check Point website.More news: DOJ: Friend of Dayton shooter to face federal charges
- NARIT: Asteroid 2006 QQ23 would not hit Planet Earth
- Three Congolese doctors arrested in connection with World Health Organization official's death
- Fortnite World Champ "Bugha" swatted during Sunday livestream
- World’s 1st 108-Megapixel Smartphone Camera Sensor Launched By Samsung & Xiaomi
- 'The Crown' season 3 release date confirmed by Netflix
- Hong Kong airport reopens as Trudeau urges China to address 'serious concerns'
- The Hunt Release Canceled by Universal Pictures
- Raptors open and get rings against Zion and more schedule notes
- LG G8X Expected To Launch At IFA 2019
- Scaramucci: Trump's Policies Good; His Rhetoric Isn't