WiFi connectivity in digital cameras has made uploading photos a lot easier for photographers. But like most connected devices, this has also made them susceptible to cyberattacks.
A new study by cybersecurity firm Checkpoint claims that the Picture Transfer Protocol (PTP) used by modern day cameras to transfer digital images to PC is vulnerable to ransomware or malware attacks. The standard was created by International Imaging Industry Association and in the beginning it was only used for image transfer over USB but since PTP-IP came into the picture, it is used for several other tasks such as taking live photos, transferring files on cloud and upgrading camera firmware.
“Cameras are no longer just connected to the USB, but to the WiFi network and its surrounding environment. This makes them more vulnerable to threats as attackers can inject ransomware into both the camera and PC it is connected to. The photos could end up being held hostage until the user pays the ransom for them to be released," Eyal Itkin, security researcher at Check Point, said in a press statement.
The researchers took a Canon EOS 80D, which supports both WiFi and USB connectivity and has a developer community called Magic Lantern, which uses open source tools to make add-ons for the cameras. Since the protocol is used by other brands also, Check Point believes cameras that use WiFi and USB are potentially at risk.
Using Magic Lantern’s ROM Dumper and the functions from the firmware itself, the researchers were able to bypass encryption and verification system in place and then infect the camera using a malicious firmware update file. For this they first set up a rogue WiFi Access Point with the same name as the one that camera is likely to connect to. However, to carry out this attack, the hacker has to be close to the access point. This can be used to target tourists at airports. To carry out the attack via USB, attackers will have to first infect and take over a PC. This means users should avoid public computers to access photos directly from cameras.
The vulnerability was brought to Canon’s attention in March 2018 and was confirmed by the camera company in May 2019 and a patch was released in August.
In an official blog post Canon acknowledges, “due to these vulnerabilities, the potential exists for third-party attack on the camera if the camera is connected to a PC or mobile device that has been hijacked through an unsecured network. However, there have been no confirmed cases of these vulnerabilities being exploited to cause harm."