As more and more devices grow dependent on the internet connectivity to function, the threat of cyberattacks grow with it. Every week we read or write about another ransomware attack that exploits an otherwise unforeseen vulnerability in hardware, with the latest being DSLR cameras.
This according to Check Point Software Technologies, which released a report and video (embedded below) detailing how ransomware could be remotely installed onto a DSLR camera.
The vulnerability in question, as Check Point researcher Eyal Itkin explains, has to do with the file transfer protocol that most DSLRs make use of. In particular an attacker making use of an infected WiFi access point could use that vulnerability to plant malware onto the camera, encrypting the data stored on the SD card, or indeed later encrypting a user’s PC or notebook.
Itkin shows the former method at work in the video below, with the DSLR in question being a Canon EOS 80D. The researcher adds that cameras could prove a valuable target for hackers, especially as they either contain personal images with sentimental significance or in the case of professionals, hold images for a shoot or job that they are being paid for.
Check Point has known about this vulnerability for a couple of months now, having noted it to Canon back in March. The pair have been working together on a fix, with Canon issuing a warning to camera owners last week not to use unsecured WiFi networks.
The Japanese firm also advises owners to update and install the latest security patch, adding that other camera manufacturers may be vulnerable to the same flaw.
Unfortunately Check Point did not disclose whether other manufacturers are indeed vulnerable, but in any case the advise not to connect to unsecured WiFi network holds true regardless of what device you may be using.
As such be aware of what you’re connected to.