Canon yesterday issued a security advisory concerning a security flaw in their Picture Transfer Protocol, the WiFi transfer protocol used on Canon cameras.
The security flaw was demonstrated by Israeli security company Check Point Research during DEF CON 2019. The security researchers were able to hijack a Canon EOS 80D over USB and wirelessly over WiFi.
The discovered vulnerabilities would allow a malicious actor to take over a target’s DSLR camera through both WiFi and USB, giving him full control over it. Such an infection could, for example, be used for installing ransomware on the camera, and demanding ransom for both the images and the camera itself. Not a nice scenario for professionals.
As LensVid sums it up:
An attacker who would want to use a similar approach to perform a real-world ransomware attack on an EOS 80D will need to set up a rogue WiFi Access Point and initiate the exploit (something that can certainly be done by many sufficiently experienced attackers, although it will require the camera’s WiFi to be turned on).
The video below shows how Check Point Research exploited the Canon EOS 80D using the cited security flaw. By building on existing knowledge of Magic Lantern, they were able to build ransomware.
All the steps involved in exploiting the security flaw in Canon’s WiFi transfer protocol are documented in this technical article.
Check Point Research promptly informed Canon. While waiting for the firmware updates, Canon recommends the following:
- Ensure the suitability of security-related settings of the devices connected to the camera, such as the PC, mobile device, and router being used.
- Do not connect the camera to a PC or mobile device that is being used in an unsecure network, such as in a free Wi-Fi environment.
- Do not connect the camera to a PC or mobile device that is potentially exposed to virus infections.
- Disable the camera’s network functions when they are not being used.
- Download the official firmware from Canon’s website when performing a camera firmware update.
Canon has already issued a firmware update for the Canon EOS 80D, and more updates will follow.
Unfortunately, that’s not the end of the story. The researchers found multiple critical vulnerabilities in Canon’s Picture Transfer Protocol. And it’s likely these vulnerabilities are present in other manufacturers’ PTP as well.
Stay tuned. [via LensVid]