Picture Perfect Hack of a Canon EOS 80D DSLR

Posted on August 14, 2019
by l33tdawg
Credit: Threat Post

Multiple vulnerabilities in Canon’s DSLR camera firmware could allow an attacker to plant malware on devices and ransom images from users. The bugs, outlined in a session here at DEF CON, open the door to a range of hacks via a Wi-Fi network or a PC’s USB connection to a camera.

The research comes from Check Point, which found six bugs when it reverse engineered Canon’s EOS 80D DSLR firmware. Eyal Itkin, the Check Point researcher giving the talk, said flaws were found in Canon’s implementation of Picture Transfer Protocol (PTP). PTP is an industry-standard protocol used by device makers for transferring images from a digital camera to a computer over a wired or wireless connection.

The researcher wrote, in a technical paper released Sunday, that PTP is a ripe target, given it is an unauthenticated protocol that supports dozens of different complex commands. “[A] vulnerability in PTP can be equally exploited over USB and over Wi-Fi,” he wrote. During the DEF CON session, Itkin outlined two attack scenarios against the Canon EOS 80D model camera. One scenario involves an attacker who takes over a PC and can leapfrog an infection into a camera via a USB connection. The second attack involves placing a rogue Wi-Fi access point in a public setting to leverage a remote attack against the targeted camera.

The wireless attack is triggered when the camera connects to the rogue access point. “Once the attacker is within the same LAN as the camera, he can initiate the exploit,” the researcher said. According to Check Point, its proof-of-concept attack builds off previous camera firmware research by Daniel Mende. In 2013, Mende gave a talk at the security conference Hack in The Box called “Paparazzi over IP.”
