With the modern flaws and vulnerabilities in the field of cybersecurity, even DSLRs are not safe from attacks. A recent report from Check Point Research demonstrated how they managed to hijack a DSLR camera made by Canon.
The report detailed how they were able to get into and make a Canon DSLR camera unfunctional. The process involved exploiting the Wi-Fi and USB to take over the cameras. In case you’re wondering, yeah modern cameras come with support for Wi-Fi for seamless transfer of files and remotely controlling the camera using a smartphone.
An attacker can silently get through exploiting the Picture Transfer Protocol without raising any sorts of doubts to the camera owner since the protocol is unauthenticated. After getting access, the attacker can perform whatever he/she wishes to. The worst-case would be installing ransomware and locking the user out while wiping the storage seems probable too.
In the video demonstration, researchers showed how they were able to gain access to Canon EOS 80D DSLR. The researchers reported the vulnerability to Canon back in March and they were working closely with Canon on a patch.
Canon has stated the following workarounds to get around this issue on their support page.
- Ensure the suitability of security-related settings of the devices connected to the camera, such as the PC, mobile device, and router being used.
- Do not connect the camera to a PC or mobile device that is being used in an unsecured network, such as in a free Wi-Fi environment.
- Do not connect the camera to a PC or mobile device that is potentially exposed to virus infections.
- Disable the camera’s network functions when they are not being used.
- Download the official firmware from Canon’s website when performing a camera firmware update.
With the vulnerability getting known to the public, more camera companies are going to roll out firmware updates fixing this issue in the upcoming days and we would recommend you to check for new firmware updates on your camera manufacturer’s blog. Also, do not forget to use a trusted Wi-Fi connection during the update process.