Israeli Check Point researches has identified serious security vulnerabilities in Canon's DSLR cameras that allow graft damage and attacks by exploiting the cameras' connection to the WiFi network, the company announced at a DEFCON conference in Las Vegas on Sunday. The camera model is the EOS 80D. Check Point investigators updated Canon, and the two companies worked together to fix the loophole. Canon, which controls more than 50% of the market, has released a security update.
Check Point noted that they believe the same weakness can be found in cameras of other leading brands. This is because of the protocol that allows the image files to be transferred digitally from the camera directly to the computer. Today, modern still cameras use PTP (PICTURE TRANSFER PROTOCOL), a protocol that defines digital image transfer from the camera directly to the computer. ).
Check Point's information security researchers tested this protocol by examining Canon's advanced DSLR cameras. The exam focused on the USB interface and the wireless network connection of the cameras and identified security vulnerabilities that allow hackers to take control of the camera's files and damage the camera, including infrared attacks where all content is encrypted until a ransom is paid to the hackers. Also, weaknesses were identified that allow the camera to be attacked by the computer via the same USB connection in the camera.
Eyal Itkin, the researcher at the head of the study, commented on the findings, saying: "Every smart device, including DSLR cameras, is subject to cyber attacks. Indeed, installing a heresy attack, for example, will allow an attacker to encrypt all the material in the camera and thus, the content on the cameras becomes 'hostage' until the hacker achieves it. "
Check Point noted that camera owners who want to protect themselves from attacks should make sure the camera is up-to-date with the latest software update, turn off the wireless Internet connection when it is not needed, and when connecting to an internet network, it is recommended to use the connection point provided by the camera rather than the public network.
photo: Check point