Security researchers have found that DSLR cameras that are connected to a Wi-Fi network are vulnerable to attacks required by a computer. Researchers from security firm Check Point Software, found that connected cameras could be hacked if the attacker was closer to the camera's Wi-Fi.
Demonstrating its findings in DefCon 2019 at a hacking conference, researchers said hackers could encode digital photos after compromising the device. Researchers used and identified the shortcomings of the Canon EOS for their demonstration.
According to the researchers digital cameras use PTP to transfer digital files that can be used by malicious participants to infect the camera with Ransomware,
Researchers have introduced how an attacker can inject malware and encrypt photos in the camera's memory with the help of cryptographically process.
Check Point said they reported these issues to Canon in March 2019. However, Canon urged its customers to avoid dangerous Wi-Fi networks and upgrade the device to fix bugs.
"Daniel Mende demonstrates all the different network attacks that are possible for any network protocol that Canon EOS cameras supported at that time. At the end of his talk, Daniel discussed the PTP / IP network protocol, showing that an attacker could communicate with the camera by sniffing out a specific GUID from the network, a GUID that is generated when the target's computer pairs with the camera. Because the PTP protocol offers different commands and is not authenticated or encrypted in any way, it demonstrates how it (incorrectly) uses the functionality of the victim spying protocol. " Checkpoint specified in the post.
"In our study, we seek to move beyond the access point and use of protocol functionality. By simulating attackers, we want to find application vulnerabilities in the protocol, hoping to use them to take over the camera. Such a Remote Code Execution (RCE) script will allow attackers to do whatever they want with the camera, and infecting it with Ransomware is just one of many options, "the statement added.