Security vulnerabilities in popular internet-connected digital cameras could allow hackers to infect them with ransomware, rendering the devices useless, or deploy other forms of malware which could potentially turn a camera into a gateway for infecting larger networks.
Digital cameras use Picture Transfer Protocol (PTP), a standard protocol to transfer digital files. Researchers at cybersecurity company Check Point Software found that it was possible to exploit vulnerabilities in the protocol to infect a camera with ransomware, presenting their findings at the Defcon security conference in Las Vegas.
The researchers looked at the Canon EOS 80D because it has both USB and Wi-Fi connectivity, as well as an extensive modding community which provides open source software for the camera. But while this particular model was chosen for the experiment, researchers warn that any internet-connected digital camera could be vulnerable to the attacks.
"As PTP is widely used by all digital camera vendors, we do believe that similar vulnerabilities will affect other vendors as well," Eyal Itkin, security researcher at Check Point, told ZDNet.
Researchers downloaded the firmware for the Canon camera and were able to reverse engineer the code with the aid of tools from the open source community. They found several vulnerabilities, including buffer flows enabling code execution, which could allow the camera to be taken over remotely using a malicious – and silent – firmware update. The firmware could enable ransomware to be deployed, because the two share the same cryptographic processes.
It's possible to execute the attack through physical access to the camera via USB, but also remotely via Wi-Fi if the camera's user could be tricked into connecting to a rogue wireless network. The attack could ultimately end up with the photos on the camera being locked by ransomware.
While malware on a camera might not sound like an immediate issue for an enterprise, it's entirely possible that a compromised device could be used as a stepping stone for other attacks.
"Once compromised, the attacker has full control over the camera, and they could brick it, use it as an espionage tool, or ransomware it as we demonstrated. These vulnerabilities are critical and could cause major harm to any business or industry that relies on digital cameras," said Itkin.
And, with many different devices using PTP, it's possible other cameras could also be impacted by similar attacks.
"As PTP is widely used by all digital camera vendors, we do believe that similar vulnerabilities will affect other vendors as well," Itkin said. "Our research is just one more example to the relatively low state of security in day-to-day embedded devices," he added.
Check Point disclosed the vulnerabilities to Canon, which has issued a security update for its devices. While there aren't any known examples of the attack being used in the wild, Canon has advised users to apply the update.
"Now that we are aware of this vulnerability, we will ensure it is corrected in future products that we develop," a Canon spokesperson told ZDNet.
The full research report into the vulnerabilities is available from Check Point.
READ MORE ON CYBER SECURITY
- Security flaw in LG IoT software left home appliances vulnerable
- A paranoid's guide to the internet CNET
- How crooks can cover up crimes by hacking IoT cameras to show fake footage
- How risk management can help secure industrial IoT and big data TechRepublic
- IoT security: Why it will get worse before it gets better