Active Stocks
Thu Mar 28 2024 15:59:33
  1. Tata Steel share price
  2. 155.90 2.00%
  1. ICICI Bank share price
  2. 1,095.75 1.08%
  1. HDFC Bank share price
  2. 1,448.20 0.52%
  1. ITC share price
  2. 428.55 0.13%
  1. Power Grid Corporation Of India share price
  2. 277.05 2.21%
Business News/ Technology / News/  WiFi, USB connectivity in cameras make them vulnerable to cyberattacks: Study
BackBack

WiFi, USB connectivity in cameras make them vulnerable to cyberattacks: Study

The researchers took a Canon EOS 80D, which has a developer community called Magic Lantern, which uses open source tools to make add-ons for the cameras
  • The vulnerability was brought to Canon’s attention in March 2018 and was confirmed by the camera company in May 2019
  • Cameras are no longer just connected to the USB, but to the WiFi network and its surrounding environment. This makes them more vulnerable to threats as attackers can inject ransomware into both the camera and PC it is connected to. (Pixabay)Premium
    Cameras are no longer just connected to the USB, but to the WiFi network and its surrounding environment. This makes them more vulnerable to threats as attackers can inject ransomware into both the camera and PC it is connected to. (Pixabay)

    WiFi connectivity in digital cameras has made uploading photos a lot easier for photographers. But like most connected devices, this has also made them susceptible to cyberattacks.

    A new study by cybersecurity firm Checkpoint claims that the Picture Transfer Protocol (PTP) used by modern day cameras to transfer digital images to PC is vulnerable to ransomware or malware attacks. The standard was created by International Imaging Industry Association and in the beginning it was only used for image transfer over USB but since PTP-IP came into the picture, it is used for several other tasks such as taking live photos, transferring files on cloud and upgrading camera firmware.

    “Cameras are no longer just connected to the USB, but to the WiFi network and its surrounding environment. This makes them more vulnerable to threats as attackers can inject ransomware into both the camera and PC it is connected to. The photos could end up being held hostage until the user pays the ransom for them to be released," Eyal Itkin, security researcher at Check Point, said in a press statement.

    The researchers took a Canon EOS 80D, which supports both WiFi and USB connectivity and has a developer community called Magic Lantern, which uses open source tools to make add-ons for the cameras. Since the protocol is used by other brands also, Check Point believes cameras that use WiFi and USB are potentially at risk.

    Using Magic Lantern’s ROM Dumper and the functions from the firmware itself, the researchers were able to bypass encryption and verification system in place and then infect the camera using a malicious firmware update file. For this they first set up a rogue WiFi Access Point with the same name as the one that camera is likely to connect to. However, to carry out this attack, the hacker has to be close to the access point. This can be used to target tourists at airports. To carry out the attack via USB, attackers will have to first infect and take over a PC. This means users should avoid public computers to access photos directly from cameras.

    The vulnerability was brought to Canon’s attention in March 2018 and was confirmed by the camera company in May 2019 and a patch was released in August.

    In an official blog post Canon acknowledges, “due to these vulnerabilities, the potential exists for third-party attack on the camera if the camera is connected to a PC or mobile device that has been hijacked through an unsecured network. However, there have been no confirmed cases of these vulnerabilities being exploited to cause harm."

    Unlock a world of Benefits! From insightful newsletters to real-time stock tracking, breaking news and a personalized newsfeed – it's all here, just a click away! Login Now!

    ABOUT THE AUTHOR
    Abhijit Ahaskar
    Abhijit writes on tech policy, gaming, security, AI, robotics, electronics and startups. He has been in the media industry for over 12 years.
    Catch all the Technology News and Updates on Live Mint. Download The Mint News App to get Daily Market Updates & Live Business News.
    More Less
    Published: 12 Aug 2019, 02:10 PM IST
    Next Story footLogo
    Recommended For You
    Switch to the Mint app for fast and personalized news - Get App