Security firm demonstrates ransomware on Canon EOS 80D DSLR
Security firm Check Point Research has demonstrated malware for a Canon EOS 80D DSLR. The ransomware encrypts the photos on the SD card and uses Wi-Fi to exploit vulnerabilities in the Picture Transfer Protocol (PTP).
Canon has confirmed the vulnerabilities and released firmware patches to fix them. The security company then posted its findings online. The vulnerability ultimately used is a buffer overflow in the SendHostInfo function of the PTP code in Canon’s EOS 80D camera. That turned out to be the only way to take over the camera via Wi-Fi. A takeover was also possible over USB, through a vulnerability in SetAdapterBatteryReport.
The researcher used the vulnerabilities to update the camera’s software via PTP. Since the firmware contains the keys with which the software checks whether an update is legitimate, the researcher was able to install a malicious file as if it were a legitimate update. Encrypting the photos then turned out to be possible thanks to the AES encryption support in the firmware.
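The design point behind the update check, as an added example that is not from Check Point's write-up or Canon's firmware: it assumes the check is a MAC under a symmetric key stored on the device, and contrasts that with a signature check where the device holds only a public key. The key, image bytes and function names are constructed, and the Lamport one-time signature is a standard-library stand-in for the RSA or ECDSA signature a vendor would normally use.

```python
import hashlib, hmac, secrets

# Constructed stand-in for a verification key stored in the firmware image.
DEVICE_MAC_KEY = b"constructed-key-shipped-in-firmware"

def device_verify_symmetric(image: bytes, tag: bytes) -> bool:
    """Assumed weak design: HMAC-SHA256 under a key every device carries."""
    expected = hmac.new(DEVICE_MAC_KEY, image, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def tag_with_extracted_key(image: bytes, extracted_key: bytes) -> bytes:
    """Whoever reads the key out of a firmware dump can tag like the vendor."""
    return hmac.new(extracted_key, image, hashlib.sha256).digest()

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bits(image: bytes):
    digest = _h(image)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_keygen():
    """One key pair per signed image (one-time scheme). Private half stays with the vendor."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk

def lamport_sign(sk, image: bytes):
    return [sk[i][bit] for i, bit in enumerate(_bits(image))]

def device_verify_asymmetric(pk, image: bytes, sig) -> bool:
    """Hardened design: the device stores only pk, which cannot produce signatures."""
    if len(sig) != 256:
        return False
    return all(hmac.compare_digest(_h(s), pk[i][bit])
               for i, (s, bit) in enumerate(zip(sig, _bits(image))))

def demo():
    vendor_sk, device_pk = lamport_keygen()  # only device_pk would ship in firmware
    official, modified = b"official update v1", b"modified update"
    forged_tag = tag_with_extracted_key(modified, DEVICE_MAC_KEY)
    official_sig = lamport_sign(vendor_sk, official)
    return {
        "symmetric_accepts_modified": device_verify_symmetric(modified, forged_tag),
        "asymmetric_accepts_official": device_verify_asymmetric(device_pk, official, official_sig),
        "asymmetric_accepts_modified": device_verify_asymmetric(device_pk, modified, official_sig),
    }

if __name__ == "__main__":
    print(demo())
```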
Check Point used an 80D due to the presence of a community that supports custom software for the camera, which made it relatively easy to penetrate and analyze the firmware. The researcher believes that, because of the use of PTP, other cameras may contain vulnerabilities as well. There are no known cases of malware outbreaks encrypting photos on cameras.