Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News Editorials & Other Articles General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

Eugene

(62,651 posts)
Tue Aug 13, 2019, 12:33 AM Aug 2019

If You Value Your Photos, Here's a Good Reason to Turn Off Your Camera's Wifi

Source: Gizmodo

If You Value Your Photos, Here's a Good Reason to Turn Off Your Camera's Wifi

Andrew Liszewski
Yesterday 10:35am Filed to: RANSOMWARE

By now, most people who spend any time online know the importance of ensuring their software is up to date, using an antivirus app, and avoiding the darker corners of the internet to avoid getting infected by malware that locks your files until a ransom is paid. But don’t assume it’s just your computer being targeted; your fancy digital camera and all your precious photos could be at risk as well.

In a report released by security firm Check Point Software Technologies for Def Con 2019, the company’s researchers used details revealed through Magic Lantern, a third-party firmware alternative for Canon DLSRs that unlocks additional functionality, to find and exploit vulnerabilities in the camera maker’s Picture Transfer Protocol that allows images to be transferred to other devices over a USB cable or wifi.



As demonstrated in a video using a Canon 80D DSLR with wifi turned on, the researchers were able to install ransomware directly onto the camera. This not only encrypted the contents of its SD card, including photos and videos, but also locked the camera itself, rendering it useless until a requested ransom is paid and an unlock code is shared with the affected user.

Thankfully, Check Point didn’t have nefarious intentions with this discovery, and its Canon ransomware isn’t out in the wild. Instead, the researchers contacted Canon about the vulnerability back in late March, well ahead of the Def Con reveal, allowing the company to release a firmware update for the 80D last week.

However, a wide range of Canon cameras could potentially be at risk; it’s safe to assume someone else is going to figure out which firmware vulnerabilities were exploited here. As a result, Canon has also issued an official security advisory addressing the researchers’ discovery, advising users to avoid connecting their cameras to unsecure networks or devices, disabling their camera’s network functions when not in use, and ensuring they’ve updated to the latest firmware for their shooter. If you use a Canon DSLR and haven’t seen a firmware update in a while, it’s probably an excellent idea to keep an eye on Canon’s support page until you do.

-snip-


Read more: https://gizmodo.com/if-you-value-your-photos-heres-a-good-reason-to-turn-o-1837168479

______________________________________________________________________

Related: Say Cheese: Ransomware-ing a DSLR Camera (Checkpoint Research)

______________________________________________________________________

Source: The Next Web

Researchers hacked a Canon DSLR with Bitcoin demanding ransomware

The camera's firmware has since been patched

Bitcoin $BTC▼0.6% demanding ransomware knows no bounds, and the latest potential victim? DSLR cameras.

A group of security researchers have managed to exploit vulnerabilities in a Canon EOS 80D digital camera to hold its owner’s photos to a Bitcoin ransom, The Inquirer reports.

The researchers from cybersecurity firm Check Point Research exploited the camera‘s picture transfer protocol (PTP), a piece of software typically used to transfer images from the device to a computer.

Many modern cameras can transfer images over a WiFi connection, this is formerly known as PTP/IP (picture transfer protocol over internet protocol). While this is a useful feature if you’re forever forgetting USB cables it presents a valuable attack vector for hackers.

As Check Point Research points out, PTP is an unauthenticated protocol and can support dozens of complex commands. As such, it can be abused by hackers to inject malicious code on to unsuspecting cameras.

-snip-


Read more: https://thenextweb.com/hardfork/2019/08/12/canon-dslrs-susceptible-bitcoin-ransomware/
Latest Discussions»Help & Search»Computer Help and Support»If You Value Your Photos,...