Independent researchers have found a total of six vulnerabilities in Canon digital single-lens reflex (DSLR) cameras that can be exploited by hackers. The six flaws were found in the implementation of the Picture Transfer Protocol (PTP) of Canon cameras that have Wi-Fi and Bluetooth capabilities. The wireless cameras can be accessed through rogue Wi-Fi hotspots to deliver malware, ransomware and a host of other commands that would have the potential to affect not only the camera but also the computer that the user connects it to. The researchers found that the PTP command allows firmware updates without the interaction of the user. A malicious update could be built with the correct data signatures, so that the camera would read it as a legitimate update. The researcher successfully built an exploit that worked over both a USB connection and Wi-Fi and was able to encrypt the camera’s storage card through the firmware update process. This may not be an issue for users who only connect their cameras to trusted networks, but it is a major flaw for users who connect to unsecured public Wi-Fi, such as at popular tourist attractions. The flaws were communicated responsibly to Canon, which issued an update for the affected cameras.