We are all pretty used to hearing about computers getting hit by ransomware. The likes of Wannacry, Ryuk, and NotPetya come to mind managing to pull millions of dollars between them. What doesn’t come to mind, is camera ransomware. But that is exactly what has happened. As vulnerabilities found in the image transfer protocol used in digital cameras enable a camera to become infected with ransomware.
Vulnerabilities found in Picture Transfer Protocol
A total of six flaws were found in Canon’s implementation of the Picture Transfer Protocol. It is possible for these vulnerabilities to be exploited through a direct connection to a computer, or connected to a rogue Wi-Fi access point.
A security researcher for Check Point was able to analyse how the Picture Transfer Protocol worked in Canon cameras. By analysing all of the 148 commands, the researcher managed to slim down the list to a number of commands that could receive an input buffer.
The researcher managed to discover a command that would allow for OTA firmware updates without the user having to do anything. Essentially allowing the execution of malicious code without the camera owner even realising. By reverse-engineering the keys that prove the legitimacy of the firmware, the researcher was able to create a malicious update.
Firmware was built that could be installed either through USB or Wi-Fi, and it allowed for the encryption of files found on the camera’s storage. This was done using the exact same cryptographic function found in the firmware update process. This results in what is camera ransomware.
In this case, once the ransomware was flashed and the files encrypted, a message would show on the camera’s monitor that looks an awful lot like the well-known WannaCry ransom page.
Very interesting proof of concept with real ramifications
In the same way many people keep very important files on their PCs, people that own these sorts of cameras are often professionals. Imagine if you just got done with a photoshoot, and you are looking to copy over your day’s work. You connect to a public Wi-Fi network and without you even knowing, your photos are all encrypted. Essentially destroying all of that work.
Whilst the researcher, Eyal Itkin, has done fantastic work here with so many places needing to fall into place. It really does give photographers food for thought.
Updates have already been issued by Canon as of July 30th, so make sure to update as soon as possible. It’s also probably worth only connecting your camera to trusted Wi-Fi networks in future, just to be safe. If possible, just take your photos off manually using whatever removable storage medium your camera supports. Whilst in concept, this is fascinating, it could have a very real impact in the real world. Hopefully, camera manufacturers keep on top of this from now on.