Even Cameras Are Not Safe from Malware

Most modern cameras now have WiFi to make it easier to transfer images between the camera and a computer. The protocol they use to transfer files is not secure and can be easily hacked to install ransomware on the camera, which would likely also infect the PC it's connected to. The attack will also work over a USB connection, which almost all digital cameras have had since they hit the market.

From an attacker’s perspective, the PTP layer looks like a great target:

• PTP is an unauthenticated protocol that supports dozens of different complex commands.
• Vulnerability in PTP can be equally exploited over USB and over WiFi.
• The WiFi support makes our cameras more accessible to nearby attackers.

In this blog, we focus on the PTP as our attack vector, describing two potential avenues for attackers:

• USB – For an attacker that took over your PC, and now wants to propagate into your camera.
• WiFi – An attacker can place a rogue WiFi access point at a tourist attraction, to infect your camera.

In both cases, the attackers are going after your camera. If they’re successful, the chances are you’ll have to pay ransom to free up your beloved camera and picture files.

If you have a camera with WiFi, you should keep an eye on the manufacturer's website for firmware updates. Unfortunately, unless your camera is fairly new, you are probably out of luck.

(I guess I should set up another category for items like this: Why We Can't Have Nice Things. )