You’re unlikely to be seeing this message on your camera, unless you take a photo of this photo
DON’T YOU MISS the days when ransoms were delivered by hand with bits of cut-out newspaper? That personal touch is long gone, replaced by encrypted files and a blunt demand for Bitcoin.
Still, security researchers at Check Point have at least managed to play with the formula a little, and have discovered a way of making a Canon EOS 80D hold an owner’s photographs to ransom, with the demand for cash displayed on the device’s 3in TFT screen.
Check Point has published the full details of how the researchers pulled off the attack, but the long and short of it is that they were able to take advantage of the camera’s WiFi connection to encrypt all the photos on the device, and then flash up the familiar demand for cash.
Unless photography is your career, photos might not seem like the juiciest ransomware target, but in terms of sentimental value, they can be right up there, as the researchers note.
“We take them to every important life event, we bring them on our vacations, and we store them in a protective case to keep them safe during transit,” they write. “Cameras are more than just a tool or toy; we entrust them with our very memories, and so they are very important to us.”
The bad news is that while Canon has issued a security advisory telling people to install a security patch and avoid unsecured WiFi networks, there’s every reason to suspect other companies’ cameras could be just as vulnerable.
The good news is that while Check Point has shown ransomware on cameras to be technically possible, it’s still a pretty unlikely hack to be pulled off in the wild. For starters, while most modern DSLR cameras have WiFi built in, the generally slow transfer speed means that people tend to transfer directly via SD card, unless they’re just moving one or two images. And if there are only one or two images, then any ransom is likely to be ignored.
Perhaps more importantly, even if you do use the Wi-Fi functionality to transfer photos, the chances are that you’ll do this in the comfort of your own home, rather than through an insecure public Wi-Fi hot spot.
Still, like getting Doom to work on an ATM or a MacBook Pro’s TouchBar, the practicality is less important than the possibility. And if nothing else, it’s always helpful to be reminded that free WiFi isn’t always what it seems.