Do you use a Canon DSLR?
If so, watch out. Because hackers can exploit your camera and hold your images hostage.
Seriously.
Let me explain:
Ransomware is malicious software that hackers can use to infect your camera. Once the ransomware gains access to your camera, it encrypts your images, making them completely inaccessible to you.
That’s when the hacker makes a demand:
If you ever want to see your photos again, you must pay a sum of money. In return, the hacker will give you an encryption key, which allows you to break the encryption and access your images.
In other words:
The hacker holds your images hostage. And if you want them back, you have to pay the ransom.
For some, ransomware might not be news. Ransomware attacks have been going on for decades.
Except it was only this year that a company called CheckPoint demonstrated the hackability of Canon cameras. CheckPoint realized that Canon’s Picture Transfer Protocol (PTP) could be easily exploited by hackers through a USB connection or, more disturbingly, over Wi-Fi.
Then CheckPoint carried out a ransomware attack on a Canon 80D, and they did it over the camera’s Wi-Fi connection. The attack required absolutely no interaction with the camera owner.
CheckPoint shared their findings with Canon, prompting the company to produce a security advisory that warns consumers of the dangers of a “third-party attack.” Read the full security advisory on the Canon website.
Canon is now working hard on a patch for this vulnerability and has already produced a firmware update for the Canon 80D.
Meanwhile, Canon has released recommendations for other camera users:
- Ensure the suitability of security-related settings of the devices connected to the camera, such as the PC, mobile device, and router being used.
- Do not connect the camera to a PC or mobile device that is being used in an unsecure network, such as in a free Wi-Fi environment.
- Do not connect the camera to a PC or mobile device that is potentially exposed to virus infections.
- Disable the camera’s network functions when they are not being used.
- Download the official firmware from Canon’s website when performing a camera firmware update.
So for owners of the Canon 80D, I suggest you update your camera. You don’t want to remain vulnerable.
And for anyone else with a Canon camera, keep an eye out for Canon firmware updates. This is especially critical if your camera features a Wi-Fi connection, which can be exploited much more easily than a USB connection.
Do you own a Canon with a wif-fi connection? Will you be updating your firmware?