Countless victims are being targeted by ransomware, and it has become a major threat to technological systems. People have been getting locked out of their devices as well as out of establishments.
And the risk also applies to a DSLR camera.
Ransomware presents a serious threat to business data, as it has the ability to block access to files until the victim pays the attacker. It is a form of malware that works by encrypting user data until the correct decryption key has been entered.
This means all the valuable information that you have saved and put aside for future use might not be usable at all. Your data will be encrypted and will stay unusable until the ransom is paid and the right decryption key has been entered.
Ransomware is spread by baiting people into clicking on emails that appear to be legitimate. It can also spread via drive-by downloads on compromised or malicious websites. There are also instances where ransomware attacks have been sent over social media platforms such as Facebook Messenger and the like.
If a device is already infected by ransomware, it is generally assumed that all of its sensitive data has been compromised. This may include usernames and passwords, payment information, email addresses, and contact information.
Now the underlying question is how a DSLR, a device that does not need to download anything and can't even click on hyperlinks, gets infected by ransomware.
The vulnerability lies in the Picture Transfer Protocol (PTP) in Canon cameras. This occurs when an image is in the transfer protocol and gets infected with ransomware over a rogue WiFi connection. The final stage of the attack would be a total takeover of your device, allowing hackers to install any kind of malware on the camera itself.
Canon scanned their program and found 38 commands that receive an input buffer. Here is a list of some of the vulnerable commands and their unique numeric opcodes:
- CVE-2019-5994 – Buffer Overflow in SendObjectInfo (opcode 0x100C)
- CVE-2019-5998 – Buffer Overflow in NotifyBtStatus (opcode 0x91F9)
- CVE-2019-5999 – Buffer Overflow in BLERequest (opcode 0x914C)
- CVE-2019-6000 – Buffer Overflow in SendHostInfo (opcode 0x91E4)
- CVE-2019-6001 – Buffer Overflow in SetAdapterBatteryReport (opcode 0x91FD)
- CVE-2019-5995 – Silent malicious firmware update
Some commands related to Bluetooth also have bugs.
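As an added illustration (not code from the original article or from the researcher), the sketch below scans a captured PTP byte stream for command containers carrying the opcodes listed above, so a defender can see when a host sends them to a camera. It assumes the standard 12-byte little-endian PTP container header (length, type, code, transaction ID) as used on the USB transport; the function names and the sample capture are constructed for this example.

```python
import struct

# Opcodes and CVE ids copied from the list above.
FLAGGED_OPCODES = {
    0x100C: ("SendObjectInfo", "CVE-2019-5994"),
    0x91F9: ("NotifyBtStatus", "CVE-2019-5998"),
    0x914C: ("BLERequest", "CVE-2019-5999"),
    0x91E4: ("SendHostInfo", "CVE-2019-6000"),
    0x91FD: ("SetAdapterBatteryReport", "CVE-2019-6001"),
}

HEADER = struct.Struct("<IHHI")  # length, container type, code, transaction id
TYPE_COMMAND = 1                 # assumption: container type 1 = command block


def scan_ptp_stream(data):
    """Walk back-to-back PTP containers; return (findings, error)."""
    findings, offset = [], 0
    while offset < len(data):
        if len(data) - offset < HEADER.size:
            return findings, f"truncated header at offset {offset}"
        length, ctype, code, txid = HEADER.unpack_from(data, offset)
        # The declared length comes from the sender: validate it before use.
        if length < HEADER.size or length > len(data) - offset:
            return findings, f"bad container length {length} at offset {offset}"
        if ctype == TYPE_COMMAND and code in FLAGGED_OPCODES:
            name, cve = FLAGGED_OPCODES[code]
            findings.append({"offset": offset, "txid": txid, "opcode": code,
                             "command": name, "cve": cve})
        offset += length
    return findings, None


def container(ctype, code, txid, payload=b""):
    """Build a constructed sample container for the demo below."""
    return HEADER.pack(HEADER.size + len(payload), ctype, code, txid) + payload


# Constructed capture: GetDeviceInfo, SendObjectInfo (+ data phase), SendHostInfo.
SAMPLE = (container(1, 0x1001, 1)
          + container(1, 0x100C, 2, struct.pack("<II", 0x00010001, 0))
          + container(2, 0x100C, 2, b"\x00" * 16)
          + container(1, 0x91E4, 3))

if __name__ == "__main__":
    hits, err = scan_ptp_stream(SAMPLE)
    for h in hits:
        print(f"txid={h['txid']} opcode=0x{h['opcode']:04X} {h['command']} ({h['cve']})")
    print("parse error:", err)
```

A hit only means a flagged command was sent; on firmware that still has these bugs it is a reason to inspect the session, not proof of exploitation.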
“We started by connecting the camera to our computer using a USB cable. We previously used the USB interface together with Canon’s “EOS Utility” software, and it seems natural to attempt to exploit it first over the USB transport layer,” said Eyal Itkin, the person who discovered the vulnerabilities.
Itkin demonstrated that when a Canon EOS 80D is connected over WiFi, the files on its SD card can be encrypted so that they can no longer be accessed. This makes it a particularly attractive potential target for hackers.
Hackers are more likely to be attracted to personal images that most people wouldn't want to walk away from. In a real ransomware attack, a hacker will demand a small amount of money in exchange for the decryption key that unlocks the images taken hostage from the victim. The amount is rather small, and victims would rather pay it to get rid of the inconvenience.
Imagine many people paying that small fee: it adds up to a huge total, so the hacker makes more money simply by hitting a large number of victims with ransomware.
Ransomware would be highly effective against DSLR cameras, since cameras contain a lot of personal information that victims would likely pay to recover.
Itkin also noted that he has only worked with a Canon device. Thus the chance of this happening to devices not manufactured by Canon is very slim; this is due to the complexity of the protocol. This means that other vendors might be vulnerable as well, but it depends on their respective implementation.
For now, connecting your DSLR to a public WiFi network might be a big problem. So far this is the only way a DSLR camera can be infected by ransomware, so connecting it via SD card would possibly be OK.