13 Aug 2019

Cameras are vulnerable to hacking too

  • Written by 
Ransomware just got that bit more personal... Ransomware just got that bit more personal... Check Point Research

And you thought you had enough to worry about. An Israeli security research firm has just published a post where they detail how they installed ransomware on a Canon EOS 80D.

The security researchers in question are called Check Point Research and they started off this ransomware project by asking a very simple question: “Could hackers take over our cameras, the guardians of our precious moments, and infect them with ransomware?”

The answer: yes.

It’s not an easy ‘yes’ but it is a ‘yes’. Essentially a hacker on the same WiFi network or who has already infected a connected PC can exploit vulnerabilities in the Picture Transfer Protocol (PTP) to effectively take over the camera.

As CPR points out, from an attacker’s perspective, the PTP layer looks like a great target: PTP is an unauthenticated protocol that supports dozens of different complex commands; vulnerability in PTP can be equally exploited over USB and over WiFi; and the WiFi support makes cameras more accessible to nearby attackers.

Ransomware was the first thing the researchers thought to try — send bitcoins or never see your pictures or use your camera again! — but there are probably several other nefarious uses a hacker could put a hacked camera to. And it’s not a case of non-Canon owners feeling smug either. Having uncovered the vulnerability, CPR informed Canon who issued a patch, and it has been only after its publication last week that the company has now gone public with the story.

You can read more about the hack in fairly excruciating technical detail here Say Cheese: Ransomware-ing a DSLR Camera or watch the video below. But we leave you with these comforting words.

“During our research we found multiple critical vulnerabilities in the Picture Transfer Protocol as implemented by Canon. Although the tested implementation contains many proprietary commands, the protocol is standardized, and is embedded in other cameras. Based on our results, we believe that similar vulnerabilities can be found in the PTP implementations of other vendors as well.”


Andy Stout

Andy has spent over two decades writing about all aspects of the broadcast and film industries for a variety of high-profile industry publications on both sides of the Atlantic. During that time the industry has moved from 4:3 SD to 16:9 SD to HD and now on to 4K HDR. He's getting kind of curious to see where it goes next.

Twitter Feed