Security researchers load ransomware onto DSLR over WiFi and encrypt photos in WannaCry-styled attack

A new report by security experts at Check Point Research demonstrates a glaring vulnerability in modern DSLR cameras: Photo Transfer Protocol. Worse yet, the researchers were able to exploit vulnerabilities in PTP/IP, which transfers photos from a DSLR to a computer wirelessly. This allowed the researchers to infect a nearby DSLR wirelessly and encrypt all of the camera's photos.

Sam Medley, Published 08/12/2019

As more and more connected devices are released, the number of attack vectors available to hackers and malicious parties increases. Not even DSLR cameras, seemingly benign and secure devices, are safe; in a demonstration by security experts at Check Point Research shows, DSLRs can be quite susceptible to ransomware, even from a distance.

The attack demonstrated by Check Point Research exploits a relatively new feature of DSLRs: WiFi connectivity. Most modern DSLRs can use a file transfer protocol called Picture Transfer Protocol (PTP) to send photos from the camera straight to a connected computer. Newer DSLRs, like Canon’s EOS 80D, also include WiFi cards that enable the camera to use PTP/IP, or PTP over a wireless connection.

Apparently, PTP/IP isn’t terribly secure. Using a custom Python script, the researchers were able to sniff out the camera’s network connection and hijack it to load ransomware onto the camera’s SD card. This ransomware then auto-executed and encrypted the user’s photos. As a last touch, the ransomware loaded a WannaCry-like image stating that the photos had been encrypted. All this was done in close proximity to the camera, but no physical connection was required.

The researchers said that the vulnerabilities present in Canon’s implementation of PTP and PTP/IP make Canon DSLRs a unique and tempting target for attackers. If an attacker could load access both the camera and the user’s computer (which could be done when the user connects their camera or inserts their infected SD card), malware could be loaded to fully encrypt the user’s photos, delete images, or more. Malicious parties could even use a camera as a launching point. Infecting a photographer’s SD card with malware may prompt them to insert the card into their computer to check for issues, which could then open the user’s entire computer to attack.

Check Point Research notified Canon of these vulnerabilities in March, and Canon pushed out a security patch on August 6th. If you own a Canon DSLR, it may be a good idea to download and install the latest firmware.

Source(s)

Check Point Research

Magniber ransomware pretends to be a legit Edge or Chrome update package. (Image Source: Unsplash)

Magniber ransomware being spread in the guise of a legit Microsoft Edge and Google Chrome update 01/16/2022

AvosLocker reportedly stole sensitive customer information from Gigabyte (Image source: Panda Security)

Gigabyte hit by ransomware attack: NDA’d information and customer details leak out with hackers threatening worse 10/24/2021

Ransomware attacks may have cost businesses over US$5 billion in losses this year (Image source: Kaspersky)

US FinCEN watchdog reports that companies may have forked out nearly US$600 million in ransomware payments through 2021 10/16/2021

Over 10TB of user data was compromised in the data breach (Image source: Panda Security)

Canon is hit by massive ransomware attack: 10TB of user data at risk, with doubts as to whether or not images were compromised 08/06/2020

While xHelper can be removed by antivirus software, it will soon reinstall itself. (Image via Malwarebytes forum user Amelia)

Android trojan xHelper can reinstall itself after removal and factory reset 02/15/2020

The CP+ 2020 conference has been axed. (Source: CIPA)

The Camera and Photo Imaging Show 2020 has been cancelled 02/14/2020

The iPhone X can be cracked by Cellebrite's tool. (Source: Business Insider)

Cybersecurity experts: Android phones may now be more secure than iPhones 01/31/2020

The illegal streaming websites iStreamItAll and Jetflicks have been shut down by the FBI and DoJ. (Image: iStreamItAll splash page)

FBI shuts down 2 illegal streaming sites, one of which is bigger than Netflix, Amazon Prime, and Hulu combined 12/16/2019

The data breach affected 1.2 billion people. (Image Source: Forbes)

Personal information of 1.2 billion people leaked in massive data breach 11/26/2019

Google Camera could have been used for some extremely shady hacking activities. (Source: XDA)

The cameras on "hundreds of millions" of Android phones could have been hijacked 11/19/2019

Hackers target legacy Windows PCs to mine crypto via BlueKeep exploit 11/06/2019

If any of these app icons are on your iPhone or iPad, uninstall them immediately. (Image via Wandera)

Trojan malware found in 17 apps on Apple App Store 10/25/2019

Canon announced EOS-1DX Mk III pro DSLR camera: 4K60p, 16fps burst shots, and more 10/24/2019

The Int App Lock icon alongside some code it reportedly runs. (Source: Pradeo Lab)

The "Joker" malware is found to exist within yet another Android app 10/23/2019

Recent Samsung Galaxy devices also support the HEIC photo file format. (Source: Notebookcheck)

Google to put kybosh on HEIC loophole giving iPhone users unlimited full quality photo storage 10/21/2019

Canon tackles smartphones that encroach on photography with the new EOS M200 09/25/2019

An infected directory showing files with a

Lilu/Lilocked ransomware has now infected thousands of Linux servers 09/08/2019

Malware is now a problem when downloading textbooks. (Source: Wikipedia)

Kaspersky claims to have found malware in digital college textbooks 09/06/2019

Canon releases the EOS 90D, a new 32MP crop DSLR 08/31/2019

Apple accidentally rolls back security patch in iOS 12.4 update, making jailbreaking possible 08/20/2019

Buffering videos could soon be a thing of the past on congested Wi-Fi networks. (Source: Getty Images)

Sick of Wi-Fi video buffering? MIT may have found a solution 08/19/2019

The AI-powered YI Home Camera 3. (Source: YI)

The latest YI home security camera has AI for smarter, more selective user alerts 08/09/2019

Apps like Facebook Messenger and WhatsApp may need redesigns thanks to iOS 13's background access restrictions 08/07/2019

Microsoft security researchers discover new cyber attack through Internet of Things connected devices 08/06/2019

The HomePod captured more inadvertant Siri recordings than other devices like the iPhone. (Source: Apple)

Apple suspends Siri eavesdropping program in wake of privacy scandal 08/02/2019

A majority of consumers surveyed appear to distrust connected devices. (Source: ERP Insight)

Up to 63% of consumers now find connected devices "creepy" 07/31/2019

Researchers at Symantec discover media file vulnerability in WhatsApp and Telegram 07/17/2019

Kali Linux now available for Raspberry Pi 4 07/10/2019

The Qualcomm Secure Processing Unit is part of the SD 855. (Source: Qualcomm)

The Snapdragon 855 is the first mobile processor certified to be as secure as a smart card 06/26/2019

At least 25 global telecommunications companies were compromised in a seven-year attack utilizing Chinese-affiliated threat actor APT10. (Source: ModernDiplomacy)

Chinese-affiliated hackers compromised 25 global telecommunications companies for over 7 years 06/25/2019

VLC is a popular open source and cross-platform media player with over 3 billion downloads since 2005.

PSA: Update your copy of VLC to avoid allowing hackers full control of your computer when opening video files 06/24/2019

Hackers attacked NASA's Jet Propulsion Lab via a Raspberry Pi, stole 500 MB of mission data 06/23/2019

PC-Doctor Tool For Windows is also believed to be vulnerable to cyber attacks. (Image source: Lifewire)

Cybersecurity company finds worrying vulnerability affecting millions of Dell laptops and desktops 06/22/2019

Loading Comments

Comment on this article

SK Hynix announces its next-generat...

Asus ZenBook 14 UX434 and ZenBook 1...

Sam Medley - Senior Tech Writer - 1344 articles published on Notebookcheck since 2016

I've been a computer geek my entire life. After graduating college with a degree in Mathematics, I worked in finance and banking a few years before taking a job as a database administrator. I started working with Notebookcheck in October of 2016 and have enjoyed writing news and reviews. I've also written for other outlets including UltrabookReview and GeeksWorldWide, focusing on consumer guidance and video gaming. My areas of interest include the business side of technology, retro gaming, Linux, and innovative gadgets. When I'm not writing on electronics or tinkering with a device, I'm either outside with my family, enjoying a decade-old video game, or playing drums or piano.

Please share our article, every link counts!

> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2019 08 > Security researchers load ransomware onto DSLR over WiFi and encrypt photos in WannaCry-styled attack

Sam Medley, 2019-08-12 (Update: 2019-08-12)

Security researchers load ransomware onto DSLR over WiFi and encrypt photos in WannaCry-styled attack

Source(s)

Related Articles