DSLR Firmware Flaw Can Leave You Vulnerable to Ransomware: Here's How to Stay Safe
Electronics & Gadgets  

A recent report by Check Point Software stated how hackers can easily transfer malicious software to DSLRs, thereby putting even cameras at risk of ransomware attacks.


A recent security report has revealed how even DSLRs at risk from malicious cyberattacks, showing just how far online hacking and thefts have come to. According to Check Point Software's presentation at the ongoing DEFCON, DSLRs which include Wi-Fi connectivity can be easily left vulnerable to ransomware and malware attacks, hence presenting the risk of financial loss or data theft even in an unsuspecting piece of hardware.
How can cameras be hacked?
The process is actually not all that complicated. Hackers can simply search for Wi-Fi SSIDs of cameras, particularly in prominent tourist hotspots. Given how DSLRs, mirrorless cameras and even premium compact cameras have become more accessible, it is likely that every tourist spot would include some cameras that include Wi-Fi connectivity. It is further important to note that Wi-Fi connectivity has steadily become more common in mainstream, semi-professional and professional cameras, which makes this flaw even more significant.
Once a Wi-Fi SSID is spotted, an attacker can then easily authenticate the connection from their end without knowledge of the camera owner, and transfer a malware that encrypts the plugged-in SD card that includes photographs that can be private, sensitive or simply emotional in nature. The reason why this can be done now is because of camera innovation itself — previously, Wi-Fi in cameras only allowed for one-sided transfer of images, from the camera to a smartphone or a laptop. Nowadays, Wi-Fi and Bluetooth are being used for more features such as using a smartphone as a viewfinder and remote controller, streaming live to social media, etc. This necessitates two-way transfer of data between the camera and the target device.
Once the malware is installed, the entire camera firmware will likely be locked out of user access, until a ransom is paid to a target internet address. Further users with malicious intentions can simply steal data for identity theft, or delete all files as part of nefarious objectives. Commonly referred to as Picture Transfer Protocol (PTP), such flaws can be particularly sensitive in nature


How can users stay safe?
To begin with, users of all cameras should look out for patches that will be released by all camera manufacturers in response to the disclosure of the PTP vulnerability. With the hack having been demonstrated with a Canon EOS 80D DSLR, the imaging company has already released a patch for its firmware, which can be downloaded here. Furthermore, it is always good practice to use the camera's Wi-Fi setup as the access point and connect your smartphone to the camera's network, which creates an intranet of sorts.
Despite not being fail-proof, it is still more secure than connecting to public Wi-Fi hotspots — something that hackers often track in order to detect vulnerable Wi-Fi SSIDs. Finally, users should remain cautious as far as possible, and use the in-camera Wi-Fi only when a file transfer is being made, or other features are being used. As long as it is not necessary, it is good practice to refrain from using the camera with the Wi-Fi turned on.



More in Electronics & Gadgets

As the arrival date for the PlayStation 5 draws closer, there has been more information than usual. A few days ago, there were reports that the official slogan of t...

Recently posted . 8 views

View: A $21 billion telecom war comes down to just $2

New Delhi wants nearly $21 billion in back license fees and spectrum usage charges, including penalties, interest.  

Recently posted . 10 views

iPhone 12 with 6.7-inch display to be thinner than iPhone 11 Pro Max, ...

The latest reports also claim that the 6.7-inch iPhone 12 model will be slightly taller than the iPhone 11 Pro Max and feature a triple-lens rear camera with larg...

Recently posted . 13 views

Reliance Jio launches UPI payments, to take on Google Pay, Paytm and o...

Reliance has rolled out the new feature within the MyJio app and has made it available to select users (like WhatsApp did with its payment service) ...

Recently posted . 54 views

I tried Microsoft's new browser on my MacBook and got a peculiar surpr...

Could anyone possibly be excited by, or even interested in, a new browser. I tried the new Microsoft Edge on my MacBook Air and examined my feelings.

Recently posted . 15 views



Thought of the day

Try not to become a man of success, but rather try to become a man of value.
Albert Einstein