Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
If You Value Your Photos, Here's a Good Reason to Turn Off Your Camera's Wifi
Source: Gizmodo
If You Value Your Photos, Here's a Good Reason to Turn Off Your Camera's Wifi
Andrew Liszewski
Yesterday 10:35am Filed to: RANSOMWARE
By now, most people who spend any time online know the importance of ensuring their software is up to date, using an antivirus app, and avoiding the darker corners of the internet to avoid getting infected by malware that locks your files until a ransom is paid. But don’t assume it’s just your computer being targeted; your fancy digital camera and all your precious photos could be at risk as well.
In a report released by security firm Check Point Software Technologies for Def Con 2019, the company’s researchers used details revealed through Magic Lantern, a third-party firmware alternative for Canon DLSRs that unlocks additional functionality, to find and exploit vulnerabilities in the camera maker’s Picture Transfer Protocol that allows images to be transferred to other devices over a USB cable or wifi.
As demonstrated in a video using a Canon 80D DSLR with wifi turned on, the researchers were able to install ransomware directly onto the camera. This not only encrypted the contents of its SD card, including photos and videos, but also locked the camera itself, rendering it useless until a requested ransom is paid and an unlock code is shared with the affected user.
Thankfully, Check Point didn’t have nefarious intentions with this discovery, and its Canon ransomware isn’t out in the wild. Instead, the researchers contacted Canon about the vulnerability back in late March, well ahead of the Def Con reveal, allowing the company to release a firmware update for the 80D last week.
However, a wide range of Canon cameras could potentially be at risk; it’s safe to assume someone else is going to figure out which firmware vulnerabilities were exploited here. As a result, Canon has also issued an official security advisory addressing the researchers’ discovery, advising users to avoid connecting their cameras to unsecure networks or devices, disabling their camera’s network functions when not in use, and ensuring they’ve updated to the latest firmware for their shooter. If you use a Canon DSLR and haven’t seen a firmware update in a while, it’s probably an excellent idea to keep an eye on Canon’s support page until you do.
-snip-
Andrew Liszewski
Yesterday 10:35am Filed to: RANSOMWARE
By now, most people who spend any time online know the importance of ensuring their software is up to date, using an antivirus app, and avoiding the darker corners of the internet to avoid getting infected by malware that locks your files until a ransom is paid. But don’t assume it’s just your computer being targeted; your fancy digital camera and all your precious photos could be at risk as well.
In a report released by security firm Check Point Software Technologies for Def Con 2019, the company’s researchers used details revealed through Magic Lantern, a third-party firmware alternative for Canon DLSRs that unlocks additional functionality, to find and exploit vulnerabilities in the camera maker’s Picture Transfer Protocol that allows images to be transferred to other devices over a USB cable or wifi.
As demonstrated in a video using a Canon 80D DSLR with wifi turned on, the researchers were able to install ransomware directly onto the camera. This not only encrypted the contents of its SD card, including photos and videos, but also locked the camera itself, rendering it useless until a requested ransom is paid and an unlock code is shared with the affected user.
Thankfully, Check Point didn’t have nefarious intentions with this discovery, and its Canon ransomware isn’t out in the wild. Instead, the researchers contacted Canon about the vulnerability back in late March, well ahead of the Def Con reveal, allowing the company to release a firmware update for the 80D last week.
However, a wide range of Canon cameras could potentially be at risk; it’s safe to assume someone else is going to figure out which firmware vulnerabilities were exploited here. As a result, Canon has also issued an official security advisory addressing the researchers’ discovery, advising users to avoid connecting their cameras to unsecure networks or devices, disabling their camera’s network functions when not in use, and ensuring they’ve updated to the latest firmware for their shooter. If you use a Canon DSLR and haven’t seen a firmware update in a while, it’s probably an excellent idea to keep an eye on Canon’s support page until you do.
-snip-
Read more: https://gizmodo.com/if-you-value-your-photos-heres-a-good-reason-to-turn-o-1837168479
______________________________________________________________________
Related: Say Cheese: Ransomware-ing a DSLR Camera (Checkpoint Research)
______________________________________________________________________
Source: The Next Web
Researchers hacked a Canon DSLR with Bitcoin demanding ransomware
The camera's firmware has since been patched
Bitcoin $BTC▼0.6% demanding ransomware knows no bounds, and the latest potential victim? DSLR cameras.
A group of security researchers have managed to exploit vulnerabilities in a Canon EOS 80D digital camera to hold its owner’s photos to a Bitcoin ransom, The Inquirer reports.
The researchers from cybersecurity firm Check Point Research exploited the camera‘s picture transfer protocol (PTP), a piece of software typically used to transfer images from the device to a computer.
Many modern cameras can transfer images over a WiFi connection, this is formerly known as PTP/IP (picture transfer protocol over internet protocol). While this is a useful feature if you’re forever forgetting USB cables it presents a valuable attack vector for hackers.
As Check Point Research points out, PTP is an unauthenticated protocol and can support dozens of complex commands. As such, it can be abused by hackers to inject malicious code on to unsuspecting cameras.
-snip-
The camera's firmware has since been patched
Bitcoin $BTC▼0.6% demanding ransomware knows no bounds, and the latest potential victim? DSLR cameras.
A group of security researchers have managed to exploit vulnerabilities in a Canon EOS 80D digital camera to hold its owner’s photos to a Bitcoin ransom, The Inquirer reports.
The researchers from cybersecurity firm Check Point Research exploited the camera‘s picture transfer protocol (PTP), a piece of software typically used to transfer images from the device to a computer.
Many modern cameras can transfer images over a WiFi connection, this is formerly known as PTP/IP (picture transfer protocol over internet protocol). While this is a useful feature if you’re forever forgetting USB cables it presents a valuable attack vector for hackers.
As Check Point Research points out, PTP is an unauthenticated protocol and can support dozens of complex commands. As such, it can be abused by hackers to inject malicious code on to unsuspecting cameras.
-snip-
Read more: https://thenextweb.com/hardfork/2019/08/12/canon-dslrs-susceptible-bitcoin-ransomware/