Ransomware attacks demand a ransom in order to reverse or prevent some malicious act, such as the encryption of the target’s data. The May 2017 WannaCry attack – which infected hundreds of thousands of computers in more than 150 countries, including computers belonging to the NHS and the Russian Interior Department – brought this type of attack to mainstream attention.
Presenting their findings at DefCon 2019, the world’s most respected hacking conference, Check Point Software warned that connected digital cameras could be vulnerable to ransomware attacks if a malicious actor was in range of the camera’s Wi-Fi. This could, for instance, result in photographs being encrypted until the victim pays a ransom.
The Israel-based company found that the Picture Transfer Protocol (PTP), which is not authenticated in either wireless or wired modes, is vulnerable to attacks. The standardised protocol is used to transfer photographs from a camera to a computer, in addition to other commands such as upgrading firmware.
In a video, a Check Point researcher demonstrated that a Wi-Fi access point could be established, through which they were able to inject the malware, encrypting all photographs contained on the camera’s SD card using the same cryptographic functions used in firmware update processes. This would cause the owner to see a message warning that they must pay a ransom in order to access their pictures again.
Check Point said that six flaws in the implementation of the protocol offered a variety of attacks, including complete takeover of the camera.
Although cameras may be an unexpected target for hackers, Check Point pointed out that cameras typically contain irreplaceable photographs which many victims may be willing to pay for.
The researchers identified the vulnerability in a Canon EOS 80D (although the vulnerability affects most Canon cameras) and disclosed their findings to the camera manufacturer in March. Canon has since issued a notice warning customers to avoid unsecured Wi-Fi and install a new security patch. Canon also stated that it has received no reports of malicious exploitation of the vulnerability.
Check Point warns that the PTP flaw may not be limited to Canon camera models, as other manufacturers also use the same protocol.