For the most part, hackers are pretty good at what they do. If they weren’t, companies wouldn’t spend millions of dollars every year on cybersecurity infrastructure. But even the most dedicated engineers and analysts don’t always catch security flaws right out the gate. That’s why security researchers and “white hat” hackers work tirelessly to discover these bugs before bad actors have a chance to exploit them.
But security flaws aren’t just found on computers, phones, or servers. Sometimes, an ordinary appliance or gadget could fall victim to a security exploit that puts users in harm’s way. Recently, researchers discovered a critical hole in a popular line of cameras. If left unchecked, a hacker could easily install ransomware or steal a user’s photos for themselves.
Thankfully, the security researchers who discovered the flaw believe they have a solution to this scary exploit. Read on to learn what they found and how you can patch your camera to keep your private photos secure.
Canon DSLR cameras at risk of Wi-Fi exploit
Security researchers at Check Point Software Technologies recently discovered an unusual vulnerability in Canon DSLR cameras running a third-party firmware called Magic Lantern. The issue arises as part of the camera’s ability to pair with a computer over Wi-Fi for photo transfers.
According to Check Point’s report, hackers can access the camera’s Wi-Fi connection during a transfer and inject malicious code to gain access. For demonstration purposes, Check Point remotely installed ransomware on their test camera. The ransomware was easily able to encrypt the entire device and its SD card, with an unlock code now being required to use it again.
Worst of all, a user need not even interact with the camera in order to fall victim to the hack. All a cybercriminal needs to do is be present on the same Wi-Fi network the camera is using for a transfer.
I have a Canon DSLR. How can I protect myself from this security hole?
Thankfully, Check Point identified the flaw back in March and has worked closely with Canon during the patching process. Canon has now officially released a patch to address the issue that can be downloaded to any of its compatible DSLR cameras.
To install it, a USB connection is required. The patch can be downloaded by plugging your camera into a computer and performing a normal firmware update. The patch will be included in the latest edition.
For an extra layer of security (or in the event that you can’t download the patch), users can turn off their camera’s networking capability and stick to USB for photo transfers. Unless a hacker is directly jacked into the camera, it’s unlikely that they’d be able to attack it at this point.
As serious as this security issue is, it’s heartening to see a company working together with researchers in order to serve their customers better. As bug bounty hunting continues to boom as a lucrative business, perhaps we’ll see this sort of partnership become the norm in the tech industry.
Consumers are safer and hackers still get to hack (but for good instead of evil). It’s a win/win situation for everyone!