Israeli internet security company Checkpoint pointed out the possibility that the camera will install ransomware if Wi-Fi is connected to DSLR cameras and mirrorless.
Until now, ransomware’s targets have been mainly PCs and smartphones. The main source of infection is e-mail attachments or access to websites or applications. All can be avoided with user attention. However, if you look at the demo video released by Checkpoint this time, you can see that the ransomware is installed just by connecting the camera to Wi-Fi.
The demo used was the EOS 80D, a Canon DSLR camera. If you connect Wi-Fi here, ransomware is installed on the SD card through PTP (Picture Transfer Protocol) as the image transfer protocol, and the image is encrypted and a message indicating that the image has been encrypted is displayed on the rear LCD screen.
PTP is originally a protocol for transferring images between devices without a driver over a USB connection. When transmitting files, authentication and encryption are not performed. In addition, it supports firmware update from taking pictures by command, and recently, many camera models have adopted PTP-IP, an extension standard to support wireless LAN connection. Therefore, even if the camera is connected to the same Wi-Fi as the attacker, there is a possibility of receiving various attacks as well as ransomware.
On August 6th, Canon issued a notice about the vulnerability of PTP-related functions, recommending that you do not connect to free Wi-Fi as a defense and turn off the function when not using the camera network function. The EOS 80D used for this verification is also providing an updated firmware that has taken measures against the vulnerability.
As for the reason Checkpoint chose the EOS 80D as a verification material, I heard that Canon is the world’s largest SLR camera company with a high market share, and there is a renovation community called Magic Lantern, where the EOS 80D supports both USB and Wi-Fi connections. .
Digital cameras now feature almost all smartphones as one of its features, highlighting it as a major feature whenever a new product is announced. You may no longer need to prepare a separate camera for daily recording purposes. However, anyone who buys a camera to shoot more valuable data could be a target of ransomware because of this more valuable data. Until now, damage from cameras has been a lot of physical things such as theft of equipment. But now, countermeasures against attacks that are not visible to the camera itself are required. Related information can be found here .