The Internet of Things (IoT) are just as susceptible to malware as any computer. Digital cameras are a great target for ransomware: wouldn’t it be awful if someone could take your personal images and videos and hold them for ransom? Check Point Software Technologies has just published research showing just how ransomware could take over a DSLR camera. Specifically, the Canon EOS 80D. Check Point believes similar vulnerabilities can be found in cameras from other vendors as well, given that they all use a similar Picture Transfer Protocol.
Canon’s response has been stellar in light of the research. Canon immediately released a product advisory, along with a firmware update for the 80D. It also confirmed that 30 of its cameras are similarly susceptible to attack, from professional bodies like the Canon EOS 1-DX Mark II to the Canon EOS R to the Canon PowerShot G5X Mark II. Firmware for the other camera brands that can be affected, will also be available. Even though Canon says that there have been no known cases of this happening, they have taken steps to address the issue.
The story of Canon highlights two key areas for me. 1. A manufacturer has responded to a potential problem and has taken steps to address it, before it becomes a real problem. When Check Point presented their findings to Canon, they addressed the problem right away. They didn’t wait for thousands of cameras to be hacked before acting. 2. A firmware update is now available for the users of these cameras. If you have one of these cameras, it is up to you, the end user, to update your firmware to the latest version to avoid this potential vulnerability. Similarly, businesses that don’t patch systems regularly are vulnerable to threats from out-of-date software.
The simple lesson is that systems need to be patched regularly. When systems aren’t simple, however, it can be quite time consuming to know what to patch and when. An MSSP like Uzado is here to help simplify Vulnerability and Risk Management processes.