Modern Cameras Connectivity to Wi-Fi Make Them Vulnerable to Ransomware and Malware
Modern Cameras Connectivity to Wi-Fi Make Them Vulnerable to Ransomware and Malware

Filmmaker’s Nightmare: Camera Has Been Hacked

2019-08-14
4 mins read

Our cinema cameras are exposed to hackers. A recent cybersecurity study conducted by leading IT security company has revealed major breaches in the Picture Transfer Protocol of modern cameras when connected to WiFi. Your precious media might be vulnerable to hackers and malware. Read below how to avoid it.

Using simple devices to hack and attack your camera
Using simple devices to hack and attack your camera

Picture Transfer Protocol (PTP):  A simple pathway to hack your camera

Check Point, a leading provider of cybersecurity solutions, revealed that via connections to WiFi networks, modern cameras are vulnerable to ransomware and malware attacks.

Since modern cameras no longer use film to capture and reproduce images, the International Imaging Industry Association devised a standardized protocol known as Picture Transfer Protocol (PTP) to transfer digital footage from the camera to PC. Initially focused on image transfer, this protocol has evolved to include dozens of different commands that support anything from taking a live picture to upgrading the camera’s firmware.

Cameras are no longer just connected to the USB, but the WiFi network and its surrounding environment. That makes them more vulnerable to threats as attackers can inject ransomware into both the camera and PC. The footage could end up being held hostage until the user pays the ransom for them to be released

Eyal Itkin, Security Researcher, Check Point Software Technologie

Canon EOS 80D as a reference

For the research, Check Point used Canon’s EOS 80D DSLR camera which supports both USB and WiFi, and critical vulnerabilities in the PTP were found. Given that the protocol is standardized and embedded in other camera brands, Check Point believes similar vulnerabilities can be found in cameras from other vendors as well.  “Any ‘smart’ device, including the DSLR camera, is susceptible to attacks,” says Eyal Itkin, Security Researcher, Check Point Software Technologies. “Cameras are no longer just connected to the USB, but the WiFi network and its surrounding environment. That makes them more vulnerable to threats as attackers can inject ransomware into both the camera and PC. The footage could end up being held hostage until the user pays the ransom for them to be released.”

Exploiting the camera over WiFi
Exploiting the camera over WiFi

FYI: PTP as an ideal layer for hackers

From an attacker’s perspective, the PTP layer looks like a high target:

  1. PTP is an unauthenticated protocol that supports dozens of different complex commands. Vulnerability in PTP can be equally exploited over USB and WiFi.
    The WiFi support makes our cameras more accessible to nearby attackers.
  2. WiFi – An attacker can place a rogue WiFi access point at a tourist attraction, to infect your camera.
  3. Hacking and penetrating the PTP protocol with the help of Magic Lantern documentation (in the case of Canon EOS). 
Ransomware installed
Ransomware installed

Magic Lantern (ML) is an open-source, free software add-on that adds new features to the Canon EOS cameras. As a result, the ML community already studied parts of the firmware and documented some of its APIs.  Attackers are profit-maximizers. They strive to get the maximum impact (profit) with minimal effort (cost). In this case, research on Canon cameras will have the highest impact for users and will be the easiest to start, thanks to the existing documentation created by the ML community.

Media is encrypted by hackers and camera is locked
Media is encrypted by hackers and camera is locked

Furthermore, it’s important to note, that one of attacker’s first step is to check if there is a publicly available firmware update file in the vendor’s website. That’s easy because almost any cinema manufacturer uploads firmware updates to its website. In most cases, those firmware updates are encrypted/compressed. However, hackers will finally manage to decrypt the firmware using dedicated tools. In the fact of Canon EOS 80D, ML (Magic Lantern) documentation was more than helpful (for the bad guys).

Go here to read more about the methods and process of this case study.

The hack of the D80 is demonstrated in the video below:

A filmmaker’s nightmare

The attacker, nearby (WiFi), can also propagate to and infect your beloved cameras with malware. Imagine your RED get hacked by using a Wi-Fi network. In that case, all your media stored in Mini-Mag will be encrypted, which means you can’t access it, only by paying ransom to attackers.

Wi-Fi causes cameras vulnerable
Wi-Fi causes cameras vulnerability

Canon’s response

Check Point Research informed Canon about the vulnerabilities, and the companies worked together to patch them.

Here is Canon’s response to the successful attempt of hacking the D80: “An international team of security researchers has drawn our attention to a vulnerability related to communications via the Picture Transfer Protocol (PTP), which is used by Canon digital cameras, as well as a vulnerability related to firmware updates. Due to these vulnerabilities, the potential exists for a third-party attack on the camera if the camera is connected to a PC or mobile device that has been hijacked through an unsecured network. At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm, but in order to ensure that our customers can use our products securely, we would like to inform you of the following workarounds for this issue“.

  1. Ensure the suitability of security-related settings of the devices connected to the camera, such as the PC, mobile device, and router being used.
  2. Do not connect the camera to a PC or mobile device that is being used in an unsecured network, such as in a free Wi-Fi environment.
  3. Do not connect the camera to a PC or mobile device that is potentially exposed to virus infections.
  4. Disable the camera’s network functions when they are not being used.
  5. Download the official firmware from Canon’s website when performing a camera firmware update.

Conclusions

The PTP protocol is standardized and embedded in other camera brands, which means that almost every cinema camera which uses this protocol is exposed for malware. In that case, the media can be encrypted, and filmmakers will not be able to access their media. To avoid it:

  1. Make sure your camera is using the latest firmware version.
  2. Turn off the camera’s WiFi when not in use.
  3. When using WiFi, prefer using the camera as the WiFi access point, rather than connecting your camera to a public WiFi network.

This safety measures will reduce the chances of your camera being hacked. Furthermore, PTP is not the sole pathway of hacking your camera.

Remember! When it’s connected to WiFi, it can be hacked!

Yossy is a filmmaker who specializes mainly in action sports cinematography. Yossy also lectures about the art of independent filmmaking in leading educational institutes, academic programs, and festivals, and his independent films have garnered international awards and recognition.
Yossy is the founder of Y.M.Cinema Magazine.

Leave a Reply

Your email address will not be published.

Get the best of filmmaking!

Subscribe to Y.M.Cinema Magazine to get the latest news and insights on cinematography and filmmaking!

Get the best of filmmaking!

Subscribe to Y.M.Cinema Magazine to get the latest news and insights on cinematography and filmmaking!

Blackmagic Design - DNA of innovation
Previous Story

Blackmagic Design: At The Cutting Edge of Real Cinema Innovation

Cine-lenses
Next Story

Cinema Lenses vs. Still Lenses: It’s Not About the Image Quality Alone

Latest from Educate

The Best Digital Cinema Cameras for 2024

The Best Digital Cinema Cameras for 2024

In the ever-evolving landscape of filmmaking, the tools we use shape the stories we tell. Digital cinema cameras have become the cornerstone of modern filmmaking, combining cutting-edge technology with creative flexibility to…
The Philosophy Behind Sony Cinema Line

The Philosophy Behind Sony Cinema Line

Sony’s Cinema Line has become an icon in the world of digital cinema. It’s more than just a collection of cameras; it’s a philosophical commitment to empower creators and push the boundaries…
Go toTop

Don't Miss

Canon’s AR/VR Glasses Patent: A Counterstrike to Apple Vision Pro Aiming at the Masses

Canon’s AR/VR Glasses Patent: A Counterstrike to Apple Vision Pro Aiming at the Masses

Canon, a titan in the optics and imaging world, appears to be making a bold move into the AR/VR landscape, as outlined in…
Did Camera Manufacturers Forget the Definition of 'Flagship'?

Did Camera Manufacturers Forget the Definition of ‘Flagship’?

The term flagship once conjured images of groundbreaking innovation, jaw-dropping performance, and a bold statement about the future of technology. For decades, the…