Ransomware is possibly the most terrifying of all the malware threats. Even without all the Hollywood style nightmares the name alone can induce, the ransomware reality is bad enough. Data gets hacked and then held hostage. You either pay up or you lose it forever, or if there is something embarrassing in there, it gets spread all over the internet.
This reality sees ransomware being a more of a major enterprise-level threat than something the average joe should worry about. That is unless you’re the type of average joe who goes to or has a child in school, visits a hospital, or even just lives in a city. All three types of institution have fallen victim to ransomware attacks in recent memory, with the most recent attacks seeing two small cities in Florida having to fork out over $1 million between them to free up the citywide systems that kept the basic functions of government moving along.
It now seems that it isn’t just computers and phones that are vulnerable to ransomware attack. Internet of Things devices, otherwise known as smart devices, now look to be on the menu for hackers too.
Researchers have discovered how to infect DSLR cameras with ransomware
Security researchers at Check Point software have presented some rather interesting findings at the Def Con security conference in Las Vegas. Looking at the Canon EOS 80D, which has both USB and Wi-Fi connectivity they discovered that the camera, and others enjoying similar levels of connectivity, could be vulnerable to attack.
Eyal Itkin, a researcher at Check Point, recounts the vulnerability in a recent Check Point blog post, “Our research shows how an attacker in close proximity (WiFi), or an attacker who already hijacked our PC (USB), can also propagate to and infect our beloved cameras with malware.” He goes on to ask how you would feel, if attackers took control of both your computer and your camera, with all pictures being held until a ransom was paid.
The vulnerability relates to the Picture Transfer Protocol (PTP) found on the EOS 80D, which manages the transfer of digital files. Vulnerabilities found in the PTP make it possible for a malicious actor to infect the camera with ransomware. The PTP could then be used to infect accompanying computer systems whenever the infected camera is hooked using its USB or Wi-Fi connection.
Think about all the different types of staff members connected to local government institutions, hospitals, and schools that use cameras regularly and you’ll understand how explosive this development could be.
Speaking to ZDNet, a spokesperson for Canon said the company is working tirelessly to remove the vulnerability from the firmware it loads onto its cameras. The problem, however, is that PTPs are used by all camera vendors, meaning this isn’t just a Canon problem.