DEF CON 2019 Report! - ThreatWire Crosspost (Patreon)

Support me on alternative platforms! https://snubsie.com/support

https://www.youtube.com/shannonmorse --  subscribe to my new channel!

ThreatWire is only possible because of our Patreon patrons! https://www.patreon.com/threatwire 

Some news from DEF CON! If you want to hear about all of the news from the convention, check out my security bulletin on Patreon.

For some reason I never considered the security of a DSLR camera could be a downfall to malware. CheckPoint researcher Eyal Itkin found a vulnerability in Canon camera firmware that would allow him to exploit the device over USB or wifi, take over the camera, and even put ransomware on it. This means, an attacker with the right tools, could potentially hold private photos for ransom until you pay up.

The problem persists in the Picture Transfer Protocol PTP firmware which allows you to transfer photos via USB or WiFi. PTP also allows you to update your camera remotely, but doesn’t require authentication and uses no encryption. In Canon’s case Itkin pushed malware to the camera when it was connected to a computer, but was also able to do the same by using a rogue WiFi access point. To take it a step further, they found the AES symmetric encryption keys for the firmware, and were able to create a fake update that was actually their own malicious firmware with ransomware included. 

Canon released a security bulletin showing that the attack works on multiple different models including Canon EOS DSLRs and PowerShot point n shoots. CVEs were created for all of the vulnerabilities. According to Canon, this hasn’t been exploited in the wild. Canon did not issue a fix, yet, but for the 80D, and states they will do so for a specific number of models. Canon recommended downloading firmware from their site, a trusted source, disable network functionality, don’t connect the camera to any device that has been exposed to viruses, and don’t use them on potentially hostile networks, like free wifi environments.