Wednesday January 29, 2020
Home Lead Story DSLR Cameras ...

DSLR Cameras More Vulnerable to Malware Attacks, Suggest Researchers

To avoid attacks, camera owners should make sure your camera is using the latest firmware version, and install a patch if available, Check Point recommended

0
//
Nikon
DSLR cameras vulnerable to malware attacks: Researchers. Pixabay

It is not just your phone or computer that are vulnerable to hacking. Security researchers have now warned that even DSLR cameras are not immune to ransomware and malware attacks.

Through the USB and connections to Wi-Fi networks, threat actors can take control of data on modern cameras, found the researchers from cybersecurity firm Check Point Software Technologies.

“Any ‘smart’ device, including the DSLR camera, is susceptible to attacks,” said Eyal Itkin, Security Researcher, Check Point Software Technologies.

“Cameras are no longer just connected to the USB, but to the WiFi network and its surrounding environment. This makes them more vulnerable to threats as attackers can inject ransomware into both the camera and PC it is connected to,” Itkin added.

Once the camera is attacked, the photos could end up being held hostage until the user pays the ransom for them to be released.

Since modern cameras no longer use film to capture and reproduce images, the International Imaging Industry Association devised a standardised protocol known as Picture Transfer Protocol (PTP) to transfer digital images from camera to PC.

fujifilm
The camera offers fast and silent continuous shooting of up to 30 fps in a cropped frame equivalent to 16.6MP. (Representational image). Wikimedia Commons

Initially focused on image transfer, this protocol has evolved to include dozens of different commands that support anything from taking a live picture to upgrading the camera’s firmware.

Check Point Research, the threat intelligence arm of Check Point Software Technologies, aimed to access the cameras and exploit vulnerabilities in the protocol to infect the camera.

For the research, Check Point used Canon’s EOS 80D DSLR camera which supports both USB and Wi-Fi, and critical vulnerabilities in the Picture Transfer Protocol were found.

Check Point Research informed Canon about the vulnerabilities and the companies worked together to patch them. Canon published the patch as part of an official security advisory.

Also Read: Twitter Testing a New Option for its Direct Message (DM) Section

Given that the protocol is standardised and embedded in other camera brands, the researchers believe similar vulnerabilities can be found in cameras from other vendors as well.

To avoid attacks, camera owners should make sure your camera is using the latest firmware version, and install a patch if available, Check Point recommended.

They should also turn off the camera’s Wi-Fi when not in use. (IANS)

Next Story

Hackers Can Cause Serious Attacks On E-Bikes For Eavesdropping, Says Study

Someone with malicious intent could eavesdrop on these wireless channels and listen to data exchanges between the scooter and riders' smartphone app

0
Hackers
Vendors of Micromobility vehicles can also suffer denial-of-service (DoS) attacks and data leaks by hackers, said researchers from University of Texas at San Antonio. Pixabay

As governments including in India plan more e-bikes on roads to help tackle traffic congestion, like any Internet-connected device, hackers can cause a series of attacks in e-scooters, including eavesdropping on users and even spoof GPS systems to direct riders to unintended locations, warn researchers including some of Indian-origin.

Vendors of Micromobility vehicles can also suffer denial-of-service (DoS) attacks and data leaks, said researchers from University of Texas at San Antonio.

“We have identified and outlined a variety of weak points or attack surfaces in the current ride-sharing, or micromobility, ecosystem that could potentially be exploited by malicious adversaries right from inferring the riders’ private data to causing economic losses to service providers and remotely controlling the vehicles’ behaviour and operation,” said Jadliwala.

The micromobility e-scooter analysis was conducted by Jadliwala alongside graduate students Nisha Vinayaga-Sureshkanth, Raveen Wijewickrama and post-doctoral fellow Anindya Maiti.

The global e-Bike market is projected to grow at a CAGR of 9.01 per cent to reach $38.6 billion by 2025 from an estimated $21.1 billion in 2018, according to marketsandmarkets research firm. Computer science experts at the university have published the first review of the security and privacy risks posed by e-scooters and their related software services and applications.

According to the review, to appear in the proceedings of the 2nd ACM Workshop on Automotive and Aerial Vehicle Security (AutoSec 2020), hackers can cause a series of attacks. Some e-scooter models communicate with the rider’s smartphone over a Bluetooth Low Energy channel.

Someone with malicious intent could eavesdrop on these wireless channels and listen to data exchanges between the scooter and riders’ smartphone app by means of easily and cheaply accessible hardware and software tools such as Ubertooth and WireShark.

Those who sign up to use e-scooters also offer up a great deal of personal and sensitive data beyond just billing information.According to the study, providers automatically collect other analytics, such as location and individual vehicle information.

Hackers
As governments including in India plan more e-bikes on roads to help tackle traffic congestion, like any Internet-connected device, hackers can cause a series of attacks in e-scooters, including eavesdropping on users and even spoof GPS systems to direct riders to unintended locations. Pixabay

This data can be pieced together to generate an individual profile that can even include a rider’s preferred route, personal interests, and home and work locations.”Cities are experiencing explosive population growth. Micromobility promises to transport people in a more sustainable, faster and economical fashion,” said Jadliwala.

ALSO READ: TikTok and DSCI Comes Together To Unveil Interactive Quiz on Online Privacy

To ensure that this industry stays viable, companies should think not only about rider and pedestrian safety but also how to protect consumers and themselves from significant cybersecurity and privacy threats enabled by this new technology,” the authors noted. (IANS)