If a digital camera can be “hacked” in the ransomware sense, how best to protect it?

Was there ever a treaty between 2 entities with significantly different translations to the detriment of one party?

How do you harvest carrots in creative mode?

If all stars rotate, why was there a theory developed that requires non-rotating stars?

Handling Disruptive Student on the Autistic Spectrum

How is the idea of "two people having a heated argument" idiomatically expressed in German?

Command in bash shell script to find path to that script?

Immutable builder and updater

Why did this happen to Thanos's ships at the end of "Avengers: Endgame"?

Does travel insurance for short flight delays exist?

Why do banks “park” their money at the European Central Bank?

What do these triangles above and below the staff mean?

What is the difference between Major and Minor Bug?

Nothing like a good ol' game of ModTen

Why does The Ancient One think differently about Doctor Strange in Endgame than the film Doctor Strange?

Is it possible to perform a regression where you have an unknown / unknowable feature variable?

An interview question: What's the number of String objects being created?

A discontinuity in an integral

Strange-looking FM transmitter circuit

How would you identify when an object in a Lissajous orbit needs station keeping?

Round towards zero

How should I face my manager if I make a mistake because a senior coworker explained something incorrectly to me?

Prove your innocence

Is there any music source code for sound chips?

Dealing with an extrovert co-worker



If a digital camera can be “hacked” in the ransomware sense, how best to protect it?







.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








5















Increasingly, I hear of hackers gaining control over digital devices for their own gain or merely to be a nuisance.



I don't know but suspect that when tethered to another device such as a computer, malware can be unknowingly passed. Blue Tooth might also be a conduit to the camera logic. Maybe something is hiding in the "cloud" to be downloaded? Either way, I've decided to repatriate anything in the cloud to something back here on Earth.



Has anyone knowledge or experience if this is a distinct possibility? I'd be interested.



UPDATE: My brother sent me this link to checkpoint software pwning a camera over wifi in less that a few seconds.



Tags suggestions appreciated.










share|improve this question














migrated from photo.stackexchange.com Aug 13 at 22:21


This question came from our site for professional, enthusiast and amateur photographers.



















  • vtc b/c This question only incidentally involves camera equipment and is not relevant to the use of such equipment for photographic purposes. Any device with a processor can potentially be hacked.

    – xiota
    Aug 11 at 20:58






  • 2





    Since you know the answer, it's clear that this isn't really a question but really meant as a discussion prompt or even just a notice. This site is not really meant for that kind of thing.

    – mattdm
    Aug 11 at 22:09






  • 1





    @mattdm Mea Culpa. This started as a conversation with my brother about possibilities. We decided that I would post the question here and he would look around his sources. Circumstances brought everything together. I'm not sure if it's on or off topic other than how to protect one's gear. How to protect one's gear in the rain might be on topic. I think viruses are as ubiquitous as rain. QED. Yes? No?

    – Stan
    Aug 11 at 22:24






  • 4





    I think this is on-topic. Like it or not, cameras are now computers (just like phones). Care of a camera should be on-topic, and care of a modern camera includes protecting against malware. Having said that, I don't think ransomware on digital cameras running proprietary firmware is a thing.

    – osullic
    Aug 11 at 22:34











  • This is a computer security question that is as topical as would be a question about securing a laptop that is primarily used for editing photos.

    – xiota
    Aug 12 at 3:43

















5















Increasingly, I hear of hackers gaining control over digital devices for their own gain or merely to be a nuisance.



I don't know but suspect that when tethered to another device such as a computer, malware can be unknowingly passed. Blue Tooth might also be a conduit to the camera logic. Maybe something is hiding in the "cloud" to be downloaded? Either way, I've decided to repatriate anything in the cloud to something back here on Earth.



Has anyone knowledge or experience if this is a distinct possibility? I'd be interested.



UPDATE: My brother sent me this link to checkpoint software pwning a camera over wifi in less that a few seconds.



Tags suggestions appreciated.










share|improve this question














migrated from photo.stackexchange.com Aug 13 at 22:21


This question came from our site for professional, enthusiast and amateur photographers.



















  • vtc b/c This question only incidentally involves camera equipment and is not relevant to the use of such equipment for photographic purposes. Any device with a processor can potentially be hacked.

    – xiota
    Aug 11 at 20:58






  • 2





    Since you know the answer, it's clear that this isn't really a question but really meant as a discussion prompt or even just a notice. This site is not really meant for that kind of thing.

    – mattdm
    Aug 11 at 22:09






  • 1





    @mattdm Mea Culpa. This started as a conversation with my brother about possibilities. We decided that I would post the question here and he would look around his sources. Circumstances brought everything together. I'm not sure if it's on or off topic other than how to protect one's gear. How to protect one's gear in the rain might be on topic. I think viruses are as ubiquitous as rain. QED. Yes? No?

    – Stan
    Aug 11 at 22:24






  • 4





    I think this is on-topic. Like it or not, cameras are now computers (just like phones). Care of a camera should be on-topic, and care of a modern camera includes protecting against malware. Having said that, I don't think ransomware on digital cameras running proprietary firmware is a thing.

    – osullic
    Aug 11 at 22:34











  • This is a computer security question that is as topical as would be a question about securing a laptop that is primarily used for editing photos.

    – xiota
    Aug 12 at 3:43













5












5








5








Increasingly, I hear of hackers gaining control over digital devices for their own gain or merely to be a nuisance.



I don't know but suspect that when tethered to another device such as a computer, malware can be unknowingly passed. Blue Tooth might also be a conduit to the camera logic. Maybe something is hiding in the "cloud" to be downloaded? Either way, I've decided to repatriate anything in the cloud to something back here on Earth.



Has anyone knowledge or experience if this is a distinct possibility? I'd be interested.



UPDATE: My brother sent me this link to checkpoint software pwning a camera over wifi in less that a few seconds.



Tags suggestions appreciated.










share|improve this question














Increasingly, I hear of hackers gaining control over digital devices for their own gain or merely to be a nuisance.



I don't know but suspect that when tethered to another device such as a computer, malware can be unknowingly passed. Blue Tooth might also be a conduit to the camera logic. Maybe something is hiding in the "cloud" to be downloaded? Either way, I've decided to repatriate anything in the cloud to something back here on Earth.



Has anyone knowledge or experience if this is a distinct possibility? I'd be interested.



UPDATE: My brother sent me this link to checkpoint software pwning a camera over wifi in less that a few seconds.



Tags suggestions appreciated.







software






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Aug 11 at 20:48







Stan












migrated from photo.stackexchange.com Aug 13 at 22:21


This question came from our site for professional, enthusiast and amateur photographers.











migrated from photo.stackexchange.com Aug 13 at 22:21


This question came from our site for professional, enthusiast and amateur photographers.









migrated from photo.stackexchange.com Aug 13 at 22:21


This question came from our site for professional, enthusiast and amateur photographers.














  • vtc b/c This question only incidentally involves camera equipment and is not relevant to the use of such equipment for photographic purposes. Any device with a processor can potentially be hacked.

    – xiota
    Aug 11 at 20:58






  • 2





    Since you know the answer, it's clear that this isn't really a question but really meant as a discussion prompt or even just a notice. This site is not really meant for that kind of thing.

    – mattdm
    Aug 11 at 22:09






  • 1





    @mattdm Mea Culpa. This started as a conversation with my brother about possibilities. We decided that I would post the question here and he would look around his sources. Circumstances brought everything together. I'm not sure if it's on or off topic other than how to protect one's gear. How to protect one's gear in the rain might be on topic. I think viruses are as ubiquitous as rain. QED. Yes? No?

    – Stan
    Aug 11 at 22:24






  • 4





    I think this is on-topic. Like it or not, cameras are now computers (just like phones). Care of a camera should be on-topic, and care of a modern camera includes protecting against malware. Having said that, I don't think ransomware on digital cameras running proprietary firmware is a thing.

    – osullic
    Aug 11 at 22:34











  • This is a computer security question that is as topical as would be a question about securing a laptop that is primarily used for editing photos.

    – xiota
    Aug 12 at 3:43

















  • vtc b/c This question only incidentally involves camera equipment and is not relevant to the use of such equipment for photographic purposes. Any device with a processor can potentially be hacked.

    – xiota
    Aug 11 at 20:58






  • 2





    Since you know the answer, it's clear that this isn't really a question but really meant as a discussion prompt or even just a notice. This site is not really meant for that kind of thing.

    – mattdm
    Aug 11 at 22:09






  • 1





    @mattdm Mea Culpa. This started as a conversation with my brother about possibilities. We decided that I would post the question here and he would look around his sources. Circumstances brought everything together. I'm not sure if it's on or off topic other than how to protect one's gear. How to protect one's gear in the rain might be on topic. I think viruses are as ubiquitous as rain. QED. Yes? No?

    – Stan
    Aug 11 at 22:24






  • 4





    I think this is on-topic. Like it or not, cameras are now computers (just like phones). Care of a camera should be on-topic, and care of a modern camera includes protecting against malware. Having said that, I don't think ransomware on digital cameras running proprietary firmware is a thing.

    – osullic
    Aug 11 at 22:34











  • This is a computer security question that is as topical as would be a question about securing a laptop that is primarily used for editing photos.

    – xiota
    Aug 12 at 3:43
















vtc b/c This question only incidentally involves camera equipment and is not relevant to the use of such equipment for photographic purposes. Any device with a processor can potentially be hacked.

– xiota
Aug 11 at 20:58





vtc b/c This question only incidentally involves camera equipment and is not relevant to the use of such equipment for photographic purposes. Any device with a processor can potentially be hacked.

– xiota
Aug 11 at 20:58




2




2





Since you know the answer, it's clear that this isn't really a question but really meant as a discussion prompt or even just a notice. This site is not really meant for that kind of thing.

– mattdm
Aug 11 at 22:09





Since you know the answer, it's clear that this isn't really a question but really meant as a discussion prompt or even just a notice. This site is not really meant for that kind of thing.

– mattdm
Aug 11 at 22:09




1




1





@mattdm Mea Culpa. This started as a conversation with my brother about possibilities. We decided that I would post the question here and he would look around his sources. Circumstances brought everything together. I'm not sure if it's on or off topic other than how to protect one's gear. How to protect one's gear in the rain might be on topic. I think viruses are as ubiquitous as rain. QED. Yes? No?

– Stan
Aug 11 at 22:24





@mattdm Mea Culpa. This started as a conversation with my brother about possibilities. We decided that I would post the question here and he would look around his sources. Circumstances brought everything together. I'm not sure if it's on or off topic other than how to protect one's gear. How to protect one's gear in the rain might be on topic. I think viruses are as ubiquitous as rain. QED. Yes? No?

– Stan
Aug 11 at 22:24




4




4





I think this is on-topic. Like it or not, cameras are now computers (just like phones). Care of a camera should be on-topic, and care of a modern camera includes protecting against malware. Having said that, I don't think ransomware on digital cameras running proprietary firmware is a thing.

– osullic
Aug 11 at 22:34





I think this is on-topic. Like it or not, cameras are now computers (just like phones). Care of a camera should be on-topic, and care of a modern camera includes protecting against malware. Having said that, I don't think ransomware on digital cameras running proprietary firmware is a thing.

– osullic
Aug 11 at 22:34













This is a computer security question that is as topical as would be a question about securing a laptop that is primarily used for editing photos.

– xiota
Aug 12 at 3:43





This is a computer security question that is as topical as would be a question about securing a laptop that is primarily used for editing photos.

– xiota
Aug 12 at 3:43










6 Answers
6






active

oldest

votes


















16















From the OP's link… or more precisely from the security report the tweet is linked to - Check Point Research Reveals Modern Cameras’ Connectivity to Wi-Fi Make Them Vulnerable to Ransomware and Malware




Here are some things camera owners can do to avoid being infected:



  1. Make sure your camera is using the latest firmware version, and install a patch if available.

  2. Turn off the camera’s WiFi when not in use.

  3. When using WiFi, prefer using the camera as the WiFi access point, rather than connecting your camera to a public WiFi network.



That third point is the one - if your camera is the access point, then before you can even start to try to hack it you first need to hack into the access point. WPA2 is not impossible, but certainly not easy to hack. Once past that you would need to try to side-load the specific hack for that specific model of camera.



All the time you were doing this you'd have to be within 15m of the photographer.



Defcon does this kind of thing every year - it exposes weaknesses to make manufacturers change their practices, long-term. The thing is that you get good brownie points for finding a new exploit. It doesn't have to be one that's easy or even likely, it just has to be possible.

Cue crowds of cheering pen-testers.



As with all good white hat hackers, CheckPoint first told Canon about the exploit they had found & didn't make it public until after it had been patched.

Canon - Regarding the security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions






share|improve this answer

























  • I gather this includes Bluetooth. As far as you are aware, are there any other means to gain access to my box without my knowledge and permission? Thank you +1.

    – Stan
    Aug 12 at 13:44











  • There is no mention of Bluetooth in the report at all.

    – Tetsujin
    Aug 12 at 13:51











  • And remember that Canon already patched those vulnerabilities, that exploit is no longer viable, improbable as it was.

    – Fábio Dias
    Aug 12 at 16:54






  • 3





    @FábioDias It's not viable on cameras which have had the updates released and actually installed by the users and it won't be viable on future cameras. But there's probably still quite a few cameras that are vulnerable because they're no longer supported or their owners haven't and might never update (and this may include some that are still in boxes on store shelves, depending on when Canon pushed the update and how long it's been since the cameras left Canon's control).

    – 8bittree
    Aug 12 at 18:21


















5















Everything is hackable. There is no protection that cannot be circumvented, assuming that the data/device is in working/accessible condition.



The point is if is worth the effort. Arguably, there is little to be gained from getting access to a dedicated camera. A mobile phone would be far more profitable, more information, more entry vectors. It could even be used as an entry vector to other accounts/networks/devices.



Even thinking in ransomware scenarios, most photographers, from amateur onwards, usually rotate several SD cards. If you encrypt one, I'd just be sad I lost some pics, format it and move on. Then consider that all wireless connections of my camera are usually off (battery saving) and when I turn it on, it is for short periods of time (not many sniffing opportunities). And you can't really do it remotely, the hacker must have some sort of physical proximity... not trivial...






share|improve this answer




















  • 4





    @Stan that's why the manufacturer puts the manual in the box (or on the website), since that information is model-specific. Beyond "turn off your wireless, mind your gear" this subject becomes a subfield of CS called "cybersecurity", which I only know very superficially, despite my CS degrees... I do not believe this is the proper venue to get past the superficial, especially because of the myriad of different ways these connections are established...

    – Fábio Dias
    Aug 12 at 3:41






  • 2





    At risk of repeating myself… Notwithstanding your credentials… Instead of giving me all of the subterfuge, why not explain to me (and others) In your answer… How best to protect it. Richard Feynman once said, If you can't explain something in simple terms, you don't understand it.

    – Stan
    Aug 12 at 13:41






  • 6





    He also notably said, "Hell, if I could explain it to the average person, it wouldn't have been worth the Nobel prize."

    – Tetsujin
    Aug 12 at 14:45






  • 3





    @Stan Use film. Hard to remotely hack pure analogue.

    – Chronocidal
    Aug 12 at 14:45






  • 1





    @Stan Because the basics (turn off wireless, mind your gear) were already covered (both by answers and comments), and I'm trying to convey an orthogonal aspect of the risk/reward analysis that the "perpetrator" would consider. If the rewards outweigh the risk/cost, it will happen. That's how real security works, you adapt your countermeasures to the credible/probable, based on how much your data is worth. That's not only for cyber, think of your house padlocks, the lawn fence, bedroom vault, etc..

    – Fábio Dias
    Aug 12 at 16:53


















4















The video in your link seems to refer to this exploit where a Canon camera is attacked using vulnerabilities in the PTP implementation. This requires a data connection between the camera and the attacker: either via USB or WiFi. The camera would then accept and execute a firmware image which then can do anything, including encrypting the photos, sending them to the attacker, and bricking the camera itself, all of which can be used to collect ransom.



One important aspect of firmware viruses is that once infected, the device can never be fully trusted again: the process of updating firmware is controlled by the firmware itself, so sending a known clean firmware to the camera cannot guarantee that the device really accepts it without persisting any of the malicious code.



The good news is, firmware infections are known for at least half a decade now, but they never became mainstream. The costs of such attacks are too high to target regular users, so unless you are taking photos inside a nuclear facility in Iran, such an attack is quite unlikely. What is likely is getting your camera's storage infected with a regular PC virus.



Both attacks require a way to get the malicious data into your camera in the first place, so if you keep the wireless interfaces disabled and don't plug your camera or the storage cards into untrusted computers, there's nothing to worry about.






share|improve this answer

























  • The last paragraph means more to the average photographer than your fine introduction. Still, if I told that to my brother, his eye's would gloss over and he'd probably not give it another thought until it happened to him. +1

    – Stan
    Aug 12 at 13:49






  • 1





    Technically, there might be JTAG interfaces accessible under the cover, allowing firmware-independent firmware updates. Or non-overwritable bootloaders. Or going full Rossmann and desoldering and reprogramming the flash chips :)

    – rackandboneman
    Aug 13 at 11:29


















2















There are a few assumptions that go into the CheckPoint demonstration hack. Note that so far as I'm aware, this isn't a hack that is "in the wild" - this is a "white hat" hack where a ethical hacker tests the security of the device.



In ethical hacking, the findings are not immediately announced to the public. Instead, they inform the product vendor of the finding and provide them ample opportunity to produce a fix. Canon was notified and a fix is already available for the camera in question.



As someone who does work in the security field I can make a few general statements.



  • There are many vulnerabilities that are detected by ethical people and where a software fix is made available prior to any unethical people learning about the exploit. Most of the time, this is how things work. But ...


  • This comes with a consequence. Once a vendor makes a fix available, malicious hackers can compare the patched vs. unpatched software to see if they can work out what had to change. This provides them some clues as to where they might find the vulnerability. Once they find the vulnerability, then can build software to exploit it.


  • This means that the security fix itself ... clues in unethical hackers about the vulnerability and gets them busy trying to build an exploit. But this takes time. It might happen in just a few days.


  • THIS means that once a security patch is available, you really should make it a priority to download and install the security patch as soon as possible (preferably within just a few days). If you do this, your device will be patched from that particular vulnerability before any exploits show up in the wild.


  • Trouble happens when security patches have been available for months (or years) and people don't bother to install the necessary updates. If you do not want to install feature updates ... that's one thing. But you should make a special effort to keep up with security updates.


Malicious hackers are regularly trying to build exploits against computers (operating systems & applications). But home electronics devices, such as home routers, security cameras, etc. -- anything with an Internet connection -- are particular ripe targets because often these devices are often a bit too casual about the security aspects of their design. They make mistakes that software vendors used to make 20 years ago when they did things such as having well-known default passwords -- or storing or transmitting sensitive data in-the-clear.



I have a home security camera (a doorbell camera) that stored the WiFi network password in-the-clear such that a malicious hacker would be able to retrieve the password and use the information to get into the home network.



While many of us have several devices that can be internet-connected in our homes, I typically choose to network these devices via "wired" connection if that's an option. This isn't just safer from a security perspective, it's also more reliable because you aren't competing for bandwidth with neighboring wifi networks.



A traditional photographic camera is a bit of a special case because the camera does not need any network connection to perform its function. The WiFi or Bluetooth option is usually just there is an option to allow remote functionality and/or to transfer files. I transfer files by removing the memory card and inserting it in the computer (it's much faster) and only use the WiFi feature if I'm away from home and don't have my card reader with me.



But as a more generalized answer ... there are more and more Internet of Things devices that need a WiFi connection in order to work. If the vendors of these products are not experienced at how to secure their products (and many are not) then they leave consumers vulnerable to these sorts of attacks.



Keep your products up-to-date ... especially for security updates.






share|improve this answer

























  • "things such as having well-known default passwords". Used to be that the world's largest provider of free wifi was Linksys with their universal default password. =)

    – scottbb
    Aug 13 at 17:23


















0















I think you have just cause to be concerned. As stated by Fabio, everything is hackable. If you are press photographer, wedding photographer or are in the public arena as a competeitive photographer in any aspect, you should not activate wifi or you should use a body without the option. The risk of losing your own work to a competitor is too great. Can you imagine shooting a wedding and not selling any prints because someone stole everything that you shot straight from your own camera without your knowledge? Unless you absolutely need it, turn off wifi.






share|improve this answer




















  • 1





    Can you cite even one instance where this has happened? I sincerely doubt professional photographers would use wifi anyways on location as they take a lot of photos and bandwidth is too low.

    – Eric Shain
    Aug 12 at 1:57






  • 1





    No, not personally, but that doesn't mean it doesn't happen or won't happen. Everything is hackable. As far as a photogs habits are concerned, I won't presume to know how everyone shoots. If the wifi is turned off, though, the door is closed to hackers or it becomes much harder to without being noticed.

    – Robert Allen Kautz
    Aug 12 at 2:09






  • 1





    no, not everything is hackable. Take my old Nikon D200. It has no wifi, no bluetooth, no 3G. The only way to get into its brains is to have physical access to the device and even then you'd need to crack open the case and install some extra hardware. My newer D7500 has WiFi and Bluetooth, but only acts as a base station itself, and will only communicate with Nikon's own software when doing so. Maybe a man in the middle attack is possible, but highly unlikely.

    – jwenting
    Aug 12 at 11:01






  • 2





    @FábioDias You are 100% correct: obligatory XKCD

    – FreeMan
    Aug 12 at 15:54






  • 1





    @FábioDias which wouldn't allow "hacking" in order to make the camera do things it's not supposed to, as is the intended meaning. Simple theft is something else entirely.

    – jwenting
    Aug 13 at 3:25


















0















I am not a hacker but as programmer, I think there is not profit for such action. However it can be done. There is a lot architectures for cameras. They do not use same firmware, same hardware, same properties, etc. So writing a malware could be very very expensive. Recently, by improvement in cameras they can run limited version of operating systems. For example my canon 60D has firmware based on linux. I should note that many of electronic devices may have linux based os for better upgrades and better connectivity with peripheral devices. So the risk of be attacked by ransomware or any malware is increasing, while it is still too low to pay attention. Many of camera hardware breakage are based bad user operation not viruses, for example ejecting memory card without safe removing, ejecting memory card while camera is capturing, or using low quality memories. If some one steal your data or remove them when your camera is connected to a computer, you should worry about computer protection not camera






share|improve this answer




















  • 1





    You're rationalizing reasons for not considering this as a threat out of apathy or ignorance. I think every threat must be considered. You're probably too young to remember the "Merry Christmas" computer virus (the first one) written by Richard Brandow. Until that time, computers were thought to be infallible. That's why he wrote it. He became the first tech guru for the CBC nearly fifty years ago.

    – Stan
    Aug 12 at 13:17






  • 2





    "I think every threat must be considered" That is just plainly wrong. You can consider only credible/probable threats. Otherwise, rogue meteors...

    – Fábio Dias
    Aug 12 at 16:46






  • 1





    @FábioDias You just considered the threat of rogue meteors. You likely quickly concluded that the risk of that is very low and that therefore no specific mitigations are required in your case, but you still considered it. For a proper risk analysis, one would consider the probability and impact of every threat one can think of (including far-fetched ones), and then use the outcome of that analysis to decide what actions to take to mitigate which threats.

    – a CVn
    Aug 13 at 9:43






  • 2





    For example, meteor hits camera? Probability: very low. Impact: need to buy new camera. Mitigation: plan to buy a new camera at some point. Similarly, for example: theft of camera? Probability: likely low to medium, depending on use. Impact: need to buy a new camera, possible loss of images on card, possible psychological stress. Mitigation: keep the camera near yourself when in an untrustworthy setting, possibly don't advertise the fact that it's worth $$$$$. And so on. (Note that these are only examples, for illustrative purposes. If it matters to you, you should do your own risk analysis.)

    – a CVn
    Aug 13 at 9:43






  • 1





    @scottbb I see you're getting the idea. :-) (Though usually for high-impact events, you'd typically want some mitigation even if the probability is rather low. That said, for that particular one the camera isn't much related to the event. :)) Basically, this is what insurance companies do all the time...

    – a CVn
    Aug 13 at 18:57













Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f215255%2fif-a-digital-camera-can-be-hacked-in-the-ransomware-sense-how-best-to-protect%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown
























6 Answers
6






active

oldest

votes








6 Answers
6






active

oldest

votes









active

oldest

votes






active

oldest

votes









16















From the OP's link… or more precisely from the security report the tweet is linked to - Check Point Research Reveals Modern Cameras’ Connectivity to Wi-Fi Make Them Vulnerable to Ransomware and Malware




Here are some things camera owners can do to avoid being infected:



  1. Make sure your camera is using the latest firmware version, and install a patch if available.

  2. Turn off the camera’s WiFi when not in use.

  3. When using WiFi, prefer using the camera as the WiFi access point, rather than connecting your camera to a public WiFi network.



That third point is the one - if your camera is the access point, then before you can even start to try to hack it you first need to hack into the access point. WPA2 is not impossible, but certainly not easy to hack. Once past that you would need to try to side-load the specific hack for that specific model of camera.



All the time you were doing this you'd have to be within 15m of the photographer.



Defcon does this kind of thing every year - it exposes weaknesses to make manufacturers change their practices, long-term. The thing is that you get good brownie points for finding a new exploit. It doesn't have to be one that's easy or even likely, it just has to be possible.

Cue crowds of cheering pen-testers.



As with all good white hat hackers, CheckPoint first told Canon about the exploit they had found & didn't make it public until after it had been patched.

Canon - Regarding the security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions






share|improve this answer

























  • I gather this includes Bluetooth. As far as you are aware, are there any other means to gain access to my box without my knowledge and permission? Thank you +1.

    – Stan
    Aug 12 at 13:44











  • There is no mention of Bluetooth in the report at all.

    – Tetsujin
    Aug 12 at 13:51











  • And remember that Canon already patched those vulnerabilities, that exploit is no longer viable, improbable as it was.

    – Fábio Dias
    Aug 12 at 16:54






  • 3





    @FábioDias It's not viable on cameras which have had the updates released and actually installed by the users and it won't be viable on future cameras. But there's probably still quite a few cameras that are vulnerable because they're no longer supported or their owners haven't and might never update (and this may include some that are still in boxes on store shelves, depending on when Canon pushed the update and how long it's been since the cameras left Canon's control).

    – 8bittree
    Aug 12 at 18:21















16















From the OP's link… or more precisely from the security report the tweet is linked to - Check Point Research Reveals Modern Cameras’ Connectivity to Wi-Fi Make Them Vulnerable to Ransomware and Malware




Here are some things camera owners can do to avoid being infected:



  1. Make sure your camera is using the latest firmware version, and install a patch if available.

  2. Turn off the camera’s WiFi when not in use.

  3. When using WiFi, prefer using the camera as the WiFi access point, rather than connecting your camera to a public WiFi network.



That third point is the one - if your camera is the access point, then before you can even start to try to hack it you first need to hack into the access point. WPA2 is not impossible, but certainly not easy to hack. Once past that you would need to try to side-load the specific hack for that specific model of camera.



All the time you were doing this you'd have to be within 15m of the photographer.



Defcon does this kind of thing every year - it exposes weaknesses to make manufacturers change their practices, long-term. The thing is that you get good brownie points for finding a new exploit. It doesn't have to be one that's easy or even likely, it just has to be possible.

Cue crowds of cheering pen-testers.



As with all good white hat hackers, CheckPoint first told Canon about the exploit they had found & didn't make it public until after it had been patched.

Canon - Regarding the security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions






share|improve this answer

























  • I gather this includes Bluetooth. As far as you are aware, are there any other means to gain access to my box without my knowledge and permission? Thank you +1.

    – Stan
    Aug 12 at 13:44











  • There is no mention of Bluetooth in the report at all.

    – Tetsujin
    Aug 12 at 13:51











  • And remember that Canon already patched those vulnerabilities, that exploit is no longer viable, improbable as it was.

    – Fábio Dias
    Aug 12 at 16:54






  • 3





    @FábioDias It's not viable on cameras which have had the updates released and actually installed by the users and it won't be viable on future cameras. But there's probably still quite a few cameras that are vulnerable because they're no longer supported or their owners haven't and might never update (and this may include some that are still in boxes on store shelves, depending on when Canon pushed the update and how long it's been since the cameras left Canon's control).

    – 8bittree
    Aug 12 at 18:21













16














16










16









From the OP's link… or more precisely from the security report the tweet is linked to - Check Point Research Reveals Modern Cameras’ Connectivity to Wi-Fi Make Them Vulnerable to Ransomware and Malware




Here are some things camera owners can do to avoid being infected:



  1. Make sure your camera is using the latest firmware version, and install a patch if available.

  2. Turn off the camera’s WiFi when not in use.

  3. When using WiFi, prefer using the camera as the WiFi access point, rather than connecting your camera to a public WiFi network.



That third point is the one - if your camera is the access point, then before you can even start to try to hack it you first need to hack into the access point. WPA2 is not impossible, but certainly not easy to hack. Once past that you would need to try to side-load the specific hack for that specific model of camera.



All the time you were doing this you'd have to be within 15m of the photographer.



Defcon does this kind of thing every year - it exposes weaknesses to make manufacturers change their practices, long-term. The thing is that you get good brownie points for finding a new exploit. It doesn't have to be one that's easy or even likely, it just has to be possible.

Cue crowds of cheering pen-testers.



As with all good white hat hackers, CheckPoint first told Canon about the exploit they had found & didn't make it public until after it had been patched.

Canon - Regarding the security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions






share|improve this answer













From the OP's link… or more precisely from the security report the tweet is linked to - Check Point Research Reveals Modern Cameras’ Connectivity to Wi-Fi Make Them Vulnerable to Ransomware and Malware




Here are some things camera owners can do to avoid being infected:



  1. Make sure your camera is using the latest firmware version, and install a patch if available.

  2. Turn off the camera’s WiFi when not in use.

  3. When using WiFi, prefer using the camera as the WiFi access point, rather than connecting your camera to a public WiFi network.



That third point is the one - if your camera is the access point, then before you can even start to try to hack it you first need to hack into the access point. WPA2 is not impossible, but certainly not easy to hack. Once past that you would need to try to side-load the specific hack for that specific model of camera.



All the time you were doing this you'd have to be within 15m of the photographer.



Defcon does this kind of thing every year - it exposes weaknesses to make manufacturers change their practices, long-term. The thing is that you get good brownie points for finding a new exploit. It doesn't have to be one that's easy or even likely, it just has to be possible.

Cue crowds of cheering pen-testers.



As with all good white hat hackers, CheckPoint first told Canon about the exploit they had found & didn't make it public until after it had been patched.

Canon - Regarding the security advisory for Canon digital cameras related to PTP (Picture Transfer Protocol) communication functions and firmware update functions







share|improve this answer












share|improve this answer



share|improve this answer










answered Aug 12 at 6:55







Tetsujin






















  • I gather this includes Bluetooth. As far as you are aware, are there any other means to gain access to my box without my knowledge and permission? Thank you +1.

    – Stan
    Aug 12 at 13:44











  • There is no mention of Bluetooth in the report at all.

    – Tetsujin
    Aug 12 at 13:51











  • And remember that Canon already patched those vulnerabilities, that exploit is no longer viable, improbable as it was.

    – Fábio Dias
    Aug 12 at 16:54






  • 3





    @FábioDias It's not viable on cameras which have had the updates released and actually installed by the users and it won't be viable on future cameras. But there's probably still quite a few cameras that are vulnerable because they're no longer supported or their owners haven't and might never update (and this may include some that are still in boxes on store shelves, depending on when Canon pushed the update and how long it's been since the cameras left Canon's control).

    – 8bittree
    Aug 12 at 18:21

















  • I gather this includes Bluetooth. As far as you are aware, are there any other means to gain access to my box without my knowledge and permission? Thank you +1.

    – Stan
    Aug 12 at 13:44











  • There is no mention of Bluetooth in the report at all.

    – Tetsujin
    Aug 12 at 13:51











  • And remember that Canon already patched those vulnerabilities, that exploit is no longer viable, improbable as it was.

    – Fábio Dias
    Aug 12 at 16:54






  • 3





    @FábioDias It's not viable on cameras which have had the updates released and actually installed by the users and it won't be viable on future cameras. But there's probably still quite a few cameras that are vulnerable because they're no longer supported or their owners haven't and might never update (and this may include some that are still in boxes on store shelves, depending on when Canon pushed the update and how long it's been since the cameras left Canon's control).

    – 8bittree
    Aug 12 at 18:21
















I gather this includes Bluetooth. As far as you are aware, are there any other means to gain access to my box without my knowledge and permission? Thank you +1.

– Stan
Aug 12 at 13:44





I gather this includes Bluetooth. As far as you are aware, are there any other means to gain access to my box without my knowledge and permission? Thank you +1.

– Stan
Aug 12 at 13:44













There is no mention of Bluetooth in the report at all.

– Tetsujin
Aug 12 at 13:51





There is no mention of Bluetooth in the report at all.

– Tetsujin
Aug 12 at 13:51













And remember that Canon already patched those vulnerabilities, that exploit is no longer viable, improbable as it was.

– Fábio Dias
Aug 12 at 16:54





And remember that Canon already patched those vulnerabilities, that exploit is no longer viable, improbable as it was.

– Fábio Dias
Aug 12 at 16:54




3




3





@FábioDias It's not viable on cameras which have had the updates released and actually installed by the users and it won't be viable on future cameras. But there's probably still quite a few cameras that are vulnerable because they're no longer supported or their owners haven't and might never update (and this may include some that are still in boxes on store shelves, depending on when Canon pushed the update and how long it's been since the cameras left Canon's control).

– 8bittree
Aug 12 at 18:21





@FábioDias It's not viable on cameras which have had the updates released and actually installed by the users and it won't be viable on future cameras. But there's probably still quite a few cameras that are vulnerable because they're no longer supported or their owners haven't and might never update (and this may include some that are still in boxes on store shelves, depending on when Canon pushed the update and how long it's been since the cameras left Canon's control).

– 8bittree
Aug 12 at 18:21













5















Everything is hackable. There is no protection that cannot be circumvented, assuming that the data/device is in working/accessible condition.



The point is if is worth the effort. Arguably, there is little to be gained from getting access to a dedicated camera. A mobile phone would be far more profitable, more information, more entry vectors. It could even be used as an entry vector to other accounts/networks/devices.



Even thinking in ransomware scenarios, most photographers, from amateur onwards, usually rotate several SD cards. If you encrypt one, I'd just be sad I lost some pics, format it and move on. Then consider that all wireless connections of my camera are usually off (battery saving) and when I turn it on, it is for short periods of time (not many sniffing opportunities). And you can't really do it remotely, the hacker must have some sort of physical proximity... not trivial...






share|improve this answer




















  • 4





    @Stan that's why the manufacturer puts the manual in the box (or on the website), since that information is model-specific. Beyond "turn off your wireless, mind your gear" this subject becomes a subfield of CS called "cybersecurity", which I only know very superficially, despite my CS degrees... I do not believe this is the proper venue to get past the superficial, especially because of the myriad of different ways these connections are established...

    – Fábio Dias
    Aug 12 at 3:41






  • 2





    At risk of repeating myself… Notwithstanding your credentials… Instead of giving me all of the subterfuge, why not explain to me (and others) In your answer… How best to protect it. Richard Feynman once said, If you can't explain something in simple terms, you don't understand it.

    – Stan
    Aug 12 at 13:41






  • 6





    He also notably said, "Hell, if I could explain it to the average person, it wouldn't have been worth the Nobel prize."

    – Tetsujin
    Aug 12 at 14:45






  • 3





    @Stan Use film. Hard to remotely hack pure analogue.

    – Chronocidal
    Aug 12 at 14:45






  • 1





    @Stan Because the basics (turn off wireless, mind your gear) were already covered (both by answers and comments), and I'm trying to convey an orthogonal aspect of the risk/reward analysis that the "perpetrator" would consider. If the rewards outweigh the risk/cost, it will happen. That's how real security works, you adapt your countermeasures to the credible/probable, based on how much your data is worth. That's not only for cyber, think of your house padlocks, the lawn fence, bedroom vault, etc..

    – Fábio Dias
    Aug 12 at 16:53















5















Everything is hackable. There is no protection that cannot be circumvented, assuming that the data/device is in working/accessible condition.



The point is if is worth the effort. Arguably, there is little to be gained from getting access to a dedicated camera. A mobile phone would be far more profitable, more information, more entry vectors. It could even be used as an entry vector to other accounts/networks/devices.



Even thinking in ransomware scenarios, most photographers, from amateur onwards, usually rotate several SD cards. If you encrypt one, I'd just be sad I lost some pics, format it and move on. Then consider that all wireless connections of my camera are usually off (battery saving) and when I turn it on, it is for short periods of time (not many sniffing opportunities). And you can't really do it remotely, the hacker must have some sort of physical proximity... not trivial...






share|improve this answer




















  • 4





    @Stan that's why the manufacturer puts the manual in the box (or on the website), since that information is model-specific. Beyond "turn off your wireless, mind your gear" this subject becomes a subfield of CS called "cybersecurity", which I only know very superficially, despite my CS degrees... I do not believe this is the proper venue to get past the superficial, especially because of the myriad of different ways these connections are established...

    – Fábio Dias
    Aug 12 at 3:41






  • 2





    At risk of repeating myself… Notwithstanding your credentials… Instead of giving me all of the subterfuge, why not explain to me (and others) In your answer… How best to protect it. Richard Feynman once said, If you can't explain something in simple terms, you don't understand it.

    – Stan
    Aug 12 at 13:41






  • 6





    He also notably said, "Hell, if I could explain it to the average person, it wouldn't have been worth the Nobel prize."

    – Tetsujin
    Aug 12 at 14:45






  • 3





    @Stan Use film. Hard to remotely hack pure analogue.

    – Chronocidal
    Aug 12 at 14:45






  • 1





    @Stan Because the basics (turn off wireless, mind your gear) were already covered (both by answers and comments), and I'm trying to convey an orthogonal aspect of the risk/reward analysis that the "perpetrator" would consider. If the rewards outweigh the risk/cost, it will happen. That's how real security works, you adapt your countermeasures to the credible/probable, based on how much your data is worth. That's not only for cyber, think of your house padlocks, the lawn fence, bedroom vault, etc..

    – Fábio Dias
    Aug 12 at 16:53













5














5










5









Everything is hackable. There is no protection that cannot be circumvented, assuming that the data/device is in working/accessible condition.



The point is if is worth the effort. Arguably, there is little to be gained from getting access to a dedicated camera. A mobile phone would be far more profitable, more information, more entry vectors. It could even be used as an entry vector to other accounts/networks/devices.



Even thinking in ransomware scenarios, most photographers, from amateur onwards, usually rotate several SD cards. If you encrypt one, I'd just be sad I lost some pics, format it and move on. Then consider that all wireless connections of my camera are usually off (battery saving) and when I turn it on, it is for short periods of time (not many sniffing opportunities). And you can't really do it remotely, the hacker must have some sort of physical proximity... not trivial...






share|improve this answer













Everything is hackable. There is no protection that cannot be circumvented, assuming that the data/device is in working/accessible condition.



The point is if is worth the effort. Arguably, there is little to be gained from getting access to a dedicated camera. A mobile phone would be far more profitable, more information, more entry vectors. It could even be used as an entry vector to other accounts/networks/devices.



Even thinking in ransomware scenarios, most photographers, from amateur onwards, usually rotate several SD cards. If you encrypt one, I'd just be sad I lost some pics, format it and move on. Then consider that all wireless connections of my camera are usually off (battery saving) and when I turn it on, it is for short periods of time (not many sniffing opportunities). And you can't really do it remotely, the hacker must have some sort of physical proximity... not trivial...







share|improve this answer












share|improve this answer



share|improve this answer










answered Aug 12 at 0:25









Fábio DiasFábio Dias

1671 bronze badge




1671 bronze badge










  • 4





    @Stan that's why the manufacturer puts the manual in the box (or on the website), since that information is model-specific. Beyond "turn off your wireless, mind your gear" this subject becomes a subfield of CS called "cybersecurity", which I only know very superficially, despite my CS degrees... I do not believe this is the proper venue to get past the superficial, especially because of the myriad of different ways these connections are established...

    – Fábio Dias
    Aug 12 at 3:41






  • 2





    At risk of repeating myself… Notwithstanding your credentials… Instead of giving me all of the subterfuge, why not explain to me (and others) In your answer… How best to protect it. Richard Feynman once said, If you can't explain something in simple terms, you don't understand it.

    – Stan
    Aug 12 at 13:41






  • 6





    He also notably said, "Hell, if I could explain it to the average person, it wouldn't have been worth the Nobel prize."

    – Tetsujin
    Aug 12 at 14:45






  • 3





    @Stan Use film. Hard to remotely hack pure analogue.

    – Chronocidal
    Aug 12 at 14:45






  • 1





    @Stan Because the basics (turn off wireless, mind your gear) were already covered (both by answers and comments), and I'm trying to convey an orthogonal aspect of the risk/reward analysis that the "perpetrator" would consider. If the rewards outweigh the risk/cost, it will happen. That's how real security works, you adapt your countermeasures to the credible/probable, based on how much your data is worth. That's not only for cyber, think of your house padlocks, the lawn fence, bedroom vault, etc..

    – Fábio Dias
    Aug 12 at 16:53












  • 4





    @Stan that's why the manufacturer puts the manual in the box (or on the website), since that information is model-specific. Beyond "turn off your wireless, mind your gear" this subject becomes a subfield of CS called "cybersecurity", which I only know very superficially, despite my CS degrees... I do not believe this is the proper venue to get past the superficial, especially because of the myriad of different ways these connections are established...

    – Fábio Dias
    Aug 12 at 3:41






  • 2





    At risk of repeating myself… Notwithstanding your credentials… Instead of giving me all of the subterfuge, why not explain to me (and others) In your answer… How best to protect it. Richard Feynman once said, If you can't explain something in simple terms, you don't understand it.

    – Stan
    Aug 12 at 13:41






  • 6





    He also notably said, "Hell, if I could explain it to the average person, it wouldn't have been worth the Nobel prize."

    – Tetsujin
    Aug 12 at 14:45






  • 3





    @Stan Use film. Hard to remotely hack pure analogue.

    – Chronocidal
    Aug 12 at 14:45






  • 1





    @Stan Because the basics (turn off wireless, mind your gear) were already covered (both by answers and comments), and I'm trying to convey an orthogonal aspect of the risk/reward analysis that the "perpetrator" would consider. If the rewards outweigh the risk/cost, it will happen. That's how real security works, you adapt your countermeasures to the credible/probable, based on how much your data is worth. That's not only for cyber, think of your house padlocks, the lawn fence, bedroom vault, etc..

    – Fábio Dias
    Aug 12 at 16:53







4




4





@Stan that's why the manufacturer puts the manual in the box (or on the website), since that information is model-specific. Beyond "turn off your wireless, mind your gear" this subject becomes a subfield of CS called "cybersecurity", which I only know very superficially, despite my CS degrees... I do not believe this is the proper venue to get past the superficial, especially because of the myriad of different ways these connections are established...

– Fábio Dias
Aug 12 at 3:41





@Stan that's why the manufacturer puts the manual in the box (or on the website), since that information is model-specific. Beyond "turn off your wireless, mind your gear" this subject becomes a subfield of CS called "cybersecurity", which I only know very superficially, despite my CS degrees... I do not believe this is the proper venue to get past the superficial, especially because of the myriad of different ways these connections are established...

– Fábio Dias
Aug 12 at 3:41




2




2





At risk of repeating myself… Notwithstanding your credentials… Instead of giving me all of the subterfuge, why not explain to me (and others) In your answer… How best to protect it. Richard Feynman once said, If you can't explain something in simple terms, you don't understand it.

– Stan
Aug 12 at 13:41





At risk of repeating myself… Notwithstanding your credentials… Instead of giving me all of the subterfuge, why not explain to me (and others) In your answer… How best to protect it. Richard Feynman once said, If you can't explain something in simple terms, you don't understand it.

– Stan
Aug 12 at 13:41




6




6





He also notably said, "Hell, if I could explain it to the average person, it wouldn't have been worth the Nobel prize."

– Tetsujin
Aug 12 at 14:45





He also notably said, "Hell, if I could explain it to the average person, it wouldn't have been worth the Nobel prize."

– Tetsujin
Aug 12 at 14:45




3




3





@Stan Use film. Hard to remotely hack pure analogue.

– Chronocidal
Aug 12 at 14:45





@Stan Use film. Hard to remotely hack pure analogue.

– Chronocidal
Aug 12 at 14:45




1




1





@Stan Because the basics (turn off wireless, mind your gear) were already covered (both by answers and comments), and I'm trying to convey an orthogonal aspect of the risk/reward analysis that the "perpetrator" would consider. If the rewards outweigh the risk/cost, it will happen. That's how real security works, you adapt your countermeasures to the credible/probable, based on how much your data is worth. That's not only for cyber, think of your house padlocks, the lawn fence, bedroom vault, etc..

– Fábio Dias
Aug 12 at 16:53





@Stan Because the basics (turn off wireless, mind your gear) were already covered (both by answers and comments), and I'm trying to convey an orthogonal aspect of the risk/reward analysis that the "perpetrator" would consider. If the rewards outweigh the risk/cost, it will happen. That's how real security works, you adapt your countermeasures to the credible/probable, based on how much your data is worth. That's not only for cyber, think of your house padlocks, the lawn fence, bedroom vault, etc..

– Fábio Dias
Aug 12 at 16:53











4















The video in your link seems to refer to this exploit where a Canon camera is attacked using vulnerabilities in the PTP implementation. This requires a data connection between the camera and the attacker: either via USB or WiFi. The camera would then accept and execute a firmware image which then can do anything, including encrypting the photos, sending them to the attacker, and bricking the camera itself, all of which can be used to collect ransom.



One important aspect of firmware viruses is that once infected, the device can never be fully trusted again: the process of updating firmware is controlled by the firmware itself, so sending a known clean firmware to the camera cannot guarantee that the device really accepts it without persisting any of the malicious code.



The good news is, firmware infections are known for at least half a decade now, but they never became mainstream. The costs of such attacks are too high to target regular users, so unless you are taking photos inside a nuclear facility in Iran, such an attack is quite unlikely. What is likely is getting your camera's storage infected with a regular PC virus.



Both attacks require a way to get the malicious data into your camera in the first place, so if you keep the wireless interfaces disabled and don't plug your camera or the storage cards into untrusted computers, there's nothing to worry about.






share|improve this answer

























  • The last paragraph means more to the average photographer than your fine introduction. Still, if I told that to my brother, his eye's would gloss over and he'd probably not give it another thought until it happened to him. +1

    – Stan
    Aug 12 at 13:49






  • 1





    Technically, there might be JTAG interfaces accessible under the cover, allowing firmware-independent firmware updates. Or non-overwritable bootloaders. Or going full Rossmann and desoldering and reprogramming the flash chips :)

    – rackandboneman
    Aug 13 at 11:29















4















The video in your link seems to refer to this exploit where a Canon camera is attacked using vulnerabilities in the PTP implementation. This requires a data connection between the camera and the attacker: either via USB or WiFi. The camera would then accept and execute a firmware image which then can do anything, including encrypting the photos, sending them to the attacker, and bricking the camera itself, all of which can be used to collect ransom.



One important aspect of firmware viruses is that once infected, the device can never be fully trusted again: the process of updating firmware is controlled by the firmware itself, so sending a known clean firmware to the camera cannot guarantee that the device really accepts it without persisting any of the malicious code.



The good news is, firmware infections are known for at least half a decade now, but they never became mainstream. The costs of such attacks are too high to target regular users, so unless you are taking photos inside a nuclear facility in Iran, such an attack is quite unlikely. What is likely is getting your camera's storage infected with a regular PC virus.



Both attacks require a way to get the malicious data into your camera in the first place, so if you keep the wireless interfaces disabled and don't plug your camera or the storage cards into untrusted computers, there's nothing to worry about.






share|improve this answer

























  • The last paragraph means more to the average photographer than your fine introduction. Still, if I told that to my brother, his eye's would gloss over and he'd probably not give it another thought until it happened to him. +1

    – Stan
    Aug 12 at 13:49






  • 1





    Technically, there might be JTAG interfaces accessible under the cover, allowing firmware-independent firmware updates. Or non-overwritable bootloaders. Or going full Rossmann and desoldering and reprogramming the flash chips :)

    – rackandboneman
    Aug 13 at 11:29













4














4










4









The video in your link seems to refer to this exploit where a Canon camera is attacked using vulnerabilities in the PTP implementation. This requires a data connection between the camera and the attacker: either via USB or WiFi. The camera would then accept and execute a firmware image which then can do anything, including encrypting the photos, sending them to the attacker, and bricking the camera itself, all of which can be used to collect ransom.



One important aspect of firmware viruses is that once infected, the device can never be fully trusted again: the process of updating firmware is controlled by the firmware itself, so sending a known clean firmware to the camera cannot guarantee that the device really accepts it without persisting any of the malicious code.



The good news is, firmware infections are known for at least half a decade now, but they never became mainstream. The costs of such attacks are too high to target regular users, so unless you are taking photos inside a nuclear facility in Iran, such an attack is quite unlikely. What is likely is getting your camera's storage infected with a regular PC virus.



Both attacks require a way to get the malicious data into your camera in the first place, so if you keep the wireless interfaces disabled and don't plug your camera or the storage cards into untrusted computers, there's nothing to worry about.






share|improve this answer













The video in your link seems to refer to this exploit where a Canon camera is attacked using vulnerabilities in the PTP implementation. This requires a data connection between the camera and the attacker: either via USB or WiFi. The camera would then accept and execute a firmware image which then can do anything, including encrypting the photos, sending them to the attacker, and bricking the camera itself, all of which can be used to collect ransom.



One important aspect of firmware viruses is that once infected, the device can never be fully trusted again: the process of updating firmware is controlled by the firmware itself, so sending a known clean firmware to the camera cannot guarantee that the device really accepts it without persisting any of the malicious code.



The good news is, firmware infections are known for at least half a decade now, but they never became mainstream. The costs of such attacks are too high to target regular users, so unless you are taking photos inside a nuclear facility in Iran, such an attack is quite unlikely. What is likely is getting your camera's storage infected with a regular PC virus.



Both attacks require a way to get the malicious data into your camera in the first place, so if you keep the wireless interfaces disabled and don't plug your camera or the storage cards into untrusted computers, there's nothing to worry about.







share|improve this answer












share|improve this answer



share|improve this answer










answered Aug 12 at 11:14









Dmitry GrigoryevDmitry Grigoryev

8,39922 silver badges48 bronze badges




8,39922 silver badges48 bronze badges















  • The last paragraph means more to the average photographer than your fine introduction. Still, if I told that to my brother, his eye's would gloss over and he'd probably not give it another thought until it happened to him. +1

    – Stan
    Aug 12 at 13:49






  • 1





    Technically, there might be JTAG interfaces accessible under the cover, allowing firmware-independent firmware updates. Or non-overwritable bootloaders. Or going full Rossmann and desoldering and reprogramming the flash chips :)

    – rackandboneman
    Aug 13 at 11:29

















  • The last paragraph means more to the average photographer than your fine introduction. Still, if I told that to my brother, his eye's would gloss over and he'd probably not give it another thought until it happened to him. +1

    – Stan
    Aug 12 at 13:49






  • 1





    Technically, there might be JTAG interfaces accessible under the cover, allowing firmware-independent firmware updates. Or non-overwritable bootloaders. Or going full Rossmann and desoldering and reprogramming the flash chips :)

    – rackandboneman
    Aug 13 at 11:29
















The last paragraph means more to the average photographer than your fine introduction. Still, if I told that to my brother, his eye's would gloss over and he'd probably not give it another thought until it happened to him. +1

– Stan
Aug 12 at 13:49





The last paragraph means more to the average photographer than your fine introduction. Still, if I told that to my brother, his eye's would gloss over and he'd probably not give it another thought until it happened to him. +1

– Stan
Aug 12 at 13:49




1




1





Technically, there might be JTAG interfaces accessible under the cover, allowing firmware-independent firmware updates. Or non-overwritable bootloaders. Or going full Rossmann and desoldering and reprogramming the flash chips :)

– rackandboneman
Aug 13 at 11:29





Technically, there might be JTAG interfaces accessible under the cover, allowing firmware-independent firmware updates. Or non-overwritable bootloaders. Or going full Rossmann and desoldering and reprogramming the flash chips :)

– rackandboneman
Aug 13 at 11:29











2















There are a few assumptions that go into the CheckPoint demonstration hack. Note that so far as I'm aware, this isn't a hack that is "in the wild" - this is a "white hat" hack where a ethical hacker tests the security of the device.



In ethical hacking, the findings are not immediately announced to the public. Instead, they inform the product vendor of the finding and provide them ample opportunity to produce a fix. Canon was notified and a fix is already available for the camera in question.



As someone who does work in the security field I can make a few general statements.



  • There are many vulnerabilities that are detected by ethical people and where a software fix is made available prior to any unethical people learning about the exploit. Most of the time, this is how things work. But ...


  • This comes with a consequence. Once a vendor makes a fix available, malicious hackers can compare the patched vs. unpatched software to see if they can work out what had to change. This provides them some clues as to where they might find the vulnerability. Once they find the vulnerability, then can build software to exploit it.


  • This means that the security fix itself ... clues in unethical hackers about the vulnerability and gets them busy trying to build an exploit. But this takes time. It might happen in just a few days.


  • THIS means that once a security patch is available, you really should make it a priority to download and install the security patch as soon as possible (preferably within just a few days). If you do this, your device will be patched from that particular vulnerability before any exploits show up in the wild.


  • Trouble happens when security patches have been available for months (or years) and people don't bother to install the necessary updates. If you do not want to install feature updates ... that's one thing. But you should make a special effort to keep up with security updates.


Malicious hackers are regularly trying to build exploits against computers (operating systems & applications). But home electronics devices, such as home routers, security cameras, etc. -- anything with an Internet connection -- are particular ripe targets because often these devices are often a bit too casual about the security aspects of their design. They make mistakes that software vendors used to make 20 years ago when they did things such as having well-known default passwords -- or storing or transmitting sensitive data in-the-clear.



I have a home security camera (a doorbell camera) that stored the WiFi network password in-the-clear such that a malicious hacker would be able to retrieve the password and use the information to get into the home network.



While many of us have several devices that can be internet-connected in our homes, I typically choose to network these devices via "wired" connection if that's an option. This isn't just safer from a security perspective, it's also more reliable because you aren't competing for bandwidth with neighboring wifi networks.



A traditional photographic camera is a bit of a special case because the camera does not need any network connection to perform its function. The WiFi or Bluetooth option is usually just there is an option to allow remote functionality and/or to transfer files. I transfer files by removing the memory card and inserting it in the computer (it's much faster) and only use the WiFi feature if I'm away from home and don't have my card reader with me.



But as a more generalized answer ... there are more and more Internet of Things devices that need a WiFi connection in order to work. If the vendors of these products are not experienced at how to secure their products (and many are not) then they leave consumers vulnerable to these sorts of attacks.



Keep your products up-to-date ... especially for security updates.






share|improve this answer

























  • "things such as having well-known default passwords". Used to be that the world's largest provider of free wifi was Linksys with their universal default password. =)

    – scottbb
    Aug 13 at 17:23















2















There are a few assumptions that go into the CheckPoint demonstration hack. Note that so far as I'm aware, this isn't a hack that is "in the wild" - this is a "white hat" hack where a ethical hacker tests the security of the device.



In ethical hacking, the findings are not immediately announced to the public. Instead, they inform the product vendor of the finding and provide them ample opportunity to produce a fix. Canon was notified and a fix is already available for the camera in question.



As someone who does work in the security field I can make a few general statements.



  • There are many vulnerabilities that are detected by ethical people and where a software fix is made available prior to any unethical people learning about the exploit. Most of the time, this is how things work. But ...


  • This comes with a consequence. Once a vendor makes a fix available, malicious hackers can compare the patched vs. unpatched software to see if they can work out what had to change. This provides them some clues as to where they might find the vulnerability. Once they find the vulnerability, then can build software to exploit it.


  • This means that the security fix itself ... clues in unethical hackers about the vulnerability and gets them busy trying to build an exploit. But this takes time. It might happen in just a few days.


  • THIS means that once a security patch is available, you really should make it a priority to download and install the security patch as soon as possible (preferably within just a few days). If you do this, your device will be patched from that particular vulnerability before any exploits show up in the wild.


  • Trouble happens when security patches have been available for months (or years) and people don't bother to install the necessary updates. If you do not want to install feature updates ... that's one thing. But you should make a special effort to keep up with security updates.


Malicious hackers are regularly trying to build exploits against computers (operating systems & applications). But home electronics devices, such as home routers, security cameras, etc. -- anything with an Internet connection -- are particular ripe targets because often these devices are often a bit too casual about the security aspects of their design. They make mistakes that software vendors used to make 20 years ago when they did things such as having well-known default passwords -- or storing or transmitting sensitive data in-the-clear.



I have a home security camera (a doorbell camera) that stored the WiFi network password in-the-clear such that a malicious hacker would be able to retrieve the password and use the information to get into the home network.



While many of us have several devices that can be internet-connected in our homes, I typically choose to network these devices via "wired" connection if that's an option. This isn't just safer from a security perspective, it's also more reliable because you aren't competing for bandwidth with neighboring wifi networks.



A traditional photographic camera is a bit of a special case because the camera does not need any network connection to perform its function. The WiFi or Bluetooth option is usually just there is an option to allow remote functionality and/or to transfer files. I transfer files by removing the memory card and inserting it in the computer (it's much faster) and only use the WiFi feature if I'm away from home and don't have my card reader with me.



But as a more generalized answer ... there are more and more Internet of Things devices that need a WiFi connection in order to work. If the vendors of these products are not experienced at how to secure their products (and many are not) then they leave consumers vulnerable to these sorts of attacks.



Keep your products up-to-date ... especially for security updates.






share|improve this answer

























  • "things such as having well-known default passwords". Used to be that the world's largest provider of free wifi was Linksys with their universal default password. =)

    – scottbb
    Aug 13 at 17:23













2














2










2









There are a few assumptions that go into the CheckPoint demonstration hack. Note that so far as I'm aware, this isn't a hack that is "in the wild" - this is a "white hat" hack where a ethical hacker tests the security of the device.



In ethical hacking, the findings are not immediately announced to the public. Instead, they inform the product vendor of the finding and provide them ample opportunity to produce a fix. Canon was notified and a fix is already available for the camera in question.



As someone who does work in the security field I can make a few general statements.



  • There are many vulnerabilities that are detected by ethical people and where a software fix is made available prior to any unethical people learning about the exploit. Most of the time, this is how things work. But ...


  • This comes with a consequence. Once a vendor makes a fix available, malicious hackers can compare the patched vs. unpatched software to see if they can work out what had to change. This provides them some clues as to where they might find the vulnerability. Once they find the vulnerability, then can build software to exploit it.


  • This means that the security fix itself ... clues in unethical hackers about the vulnerability and gets them busy trying to build an exploit. But this takes time. It might happen in just a few days.


  • THIS means that once a security patch is available, you really should make it a priority to download and install the security patch as soon as possible (preferably within just a few days). If you do this, your device will be patched from that particular vulnerability before any exploits show up in the wild.


  • Trouble happens when security patches have been available for months (or years) and people don't bother to install the necessary updates. If you do not want to install feature updates ... that's one thing. But you should make a special effort to keep up with security updates.


Malicious hackers are regularly trying to build exploits against computers (operating systems & applications). But home electronics devices, such as home routers, security cameras, etc. -- anything with an Internet connection -- are particular ripe targets because often these devices are often a bit too casual about the security aspects of their design. They make mistakes that software vendors used to make 20 years ago when they did things such as having well-known default passwords -- or storing or transmitting sensitive data in-the-clear.



I have a home security camera (a doorbell camera) that stored the WiFi network password in-the-clear such that a malicious hacker would be able to retrieve the password and use the information to get into the home network.



While many of us have several devices that can be internet-connected in our homes, I typically choose to network these devices via "wired" connection if that's an option. This isn't just safer from a security perspective, it's also more reliable because you aren't competing for bandwidth with neighboring wifi networks.



A traditional photographic camera is a bit of a special case because the camera does not need any network connection to perform its function. The WiFi or Bluetooth option is usually just there is an option to allow remote functionality and/or to transfer files. I transfer files by removing the memory card and inserting it in the computer (it's much faster) and only use the WiFi feature if I'm away from home and don't have my card reader with me.



But as a more generalized answer ... there are more and more Internet of Things devices that need a WiFi connection in order to work. If the vendors of these products are not experienced at how to secure their products (and many are not) then they leave consumers vulnerable to these sorts of attacks.



Keep your products up-to-date ... especially for security updates.






share|improve this answer













There are a few assumptions that go into the CheckPoint demonstration hack. Note that so far as I'm aware, this isn't a hack that is "in the wild" - this is a "white hat" hack where a ethical hacker tests the security of the device.



In ethical hacking, the findings are not immediately announced to the public. Instead, they inform the product vendor of the finding and provide them ample opportunity to produce a fix. Canon was notified and a fix is already available for the camera in question.



As someone who does work in the security field I can make a few general statements.



  • There are many vulnerabilities that are detected by ethical people and where a software fix is made available prior to any unethical people learning about the exploit. Most of the time, this is how things work. But ...


  • This comes with a consequence. Once a vendor makes a fix available, malicious hackers can compare the patched vs. unpatched software to see if they can work out what had to change. This provides them some clues as to where they might find the vulnerability. Once they find the vulnerability, then can build software to exploit it.


  • This means that the security fix itself ... clues in unethical hackers about the vulnerability and gets them busy trying to build an exploit. But this takes time. It might happen in just a few days.


  • THIS means that once a security patch is available, you really should make it a priority to download and install the security patch as soon as possible (preferably within just a few days). If you do this, your device will be patched from that particular vulnerability before any exploits show up in the wild.


  • Trouble happens when security patches have been available for months (or years) and people don't bother to install the necessary updates. If you do not want to install feature updates ... that's one thing. But you should make a special effort to keep up with security updates.


Malicious hackers are regularly trying to build exploits against computers (operating systems & applications). But home electronics devices, such as home routers, security cameras, etc. -- anything with an Internet connection -- are particular ripe targets because often these devices are often a bit too casual about the security aspects of their design. They make mistakes that software vendors used to make 20 years ago when they did things such as having well-known default passwords -- or storing or transmitting sensitive data in-the-clear.



I have a home security camera (a doorbell camera) that stored the WiFi network password in-the-clear such that a malicious hacker would be able to retrieve the password and use the information to get into the home network.



While many of us have several devices that can be internet-connected in our homes, I typically choose to network these devices via "wired" connection if that's an option. This isn't just safer from a security perspective, it's also more reliable because you aren't competing for bandwidth with neighboring wifi networks.



A traditional photographic camera is a bit of a special case because the camera does not need any network connection to perform its function. The WiFi or Bluetooth option is usually just there is an option to allow remote functionality and/or to transfer files. I transfer files by removing the memory card and inserting it in the computer (it's much faster) and only use the WiFi feature if I'm away from home and don't have my card reader with me.



But as a more generalized answer ... there are more and more Internet of Things devices that need a WiFi connection in order to work. If the vendors of these products are not experienced at how to secure their products (and many are not) then they leave consumers vulnerable to these sorts of attacks.



Keep your products up-to-date ... especially for security updates.







share|improve this answer












share|improve this answer



share|improve this answer










answered Aug 12 at 20:15









Tim CampbellTim Campbell

1213 bronze badges




1213 bronze badges















  • "things such as having well-known default passwords". Used to be that the world's largest provider of free wifi was Linksys with their universal default password. =)

    – scottbb
    Aug 13 at 17:23

















  • "things such as having well-known default passwords". Used to be that the world's largest provider of free wifi was Linksys with their universal default password. =)

    – scottbb
    Aug 13 at 17:23
















"things such as having well-known default passwords". Used to be that the world's largest provider of free wifi was Linksys with their universal default password. =)

– scottbb
Aug 13 at 17:23





"things such as having well-known default passwords". Used to be that the world's largest provider of free wifi was Linksys with their universal default password. =)

– scottbb
Aug 13 at 17:23











0















I think you have just cause to be concerned. As stated by Fabio, everything is hackable. If you are press photographer, wedding photographer or are in the public arena as a competeitive photographer in any aspect, you should not activate wifi or you should use a body without the option. The risk of losing your own work to a competitor is too great. Can you imagine shooting a wedding and not selling any prints because someone stole everything that you shot straight from your own camera without your knowledge? Unless you absolutely need it, turn off wifi.






share|improve this answer




















  • 1





    Can you cite even one instance where this has happened? I sincerely doubt professional photographers would use wifi anyways on location as they take a lot of photos and bandwidth is too low.

    – Eric Shain
    Aug 12 at 1:57






  • 1





    No, not personally, but that doesn't mean it doesn't happen or won't happen. Everything is hackable. As far as a photogs habits are concerned, I won't presume to know how everyone shoots. If the wifi is turned off, though, the door is closed to hackers or it becomes much harder to without being noticed.

    – Robert Allen Kautz
    Aug 12 at 2:09






  • 1





    no, not everything is hackable. Take my old Nikon D200. It has no wifi, no bluetooth, no 3G. The only way to get into its brains is to have physical access to the device and even then you'd need to crack open the case and install some extra hardware. My newer D7500 has WiFi and Bluetooth, but only acts as a base station itself, and will only communicate with Nikon's own software when doing so. Maybe a man in the middle attack is possible, but highly unlikely.

    – jwenting
    Aug 12 at 11:01






  • 2





    @FábioDias You are 100% correct: obligatory XKCD

    – FreeMan
    Aug 12 at 15:54






  • 1





    @FábioDias which wouldn't allow "hacking" in order to make the camera do things it's not supposed to, as is the intended meaning. Simple theft is something else entirely.

    – jwenting
    Aug 13 at 3:25















0















I think you have just cause to be concerned. As stated by Fabio, everything is hackable. If you are press photographer, wedding photographer or are in the public arena as a competeitive photographer in any aspect, you should not activate wifi or you should use a body without the option. The risk of losing your own work to a competitor is too great. Can you imagine shooting a wedding and not selling any prints because someone stole everything that you shot straight from your own camera without your knowledge? Unless you absolutely need it, turn off wifi.






share|improve this answer




















  • 1





    Can you cite even one instance where this has happened? I sincerely doubt professional photographers would use wifi anyways on location as they take a lot of photos and bandwidth is too low.

    – Eric Shain
    Aug 12 at 1:57






  • 1





    No, not personally, but that doesn't mean it doesn't happen or won't happen. Everything is hackable. As far as a photogs habits are concerned, I won't presume to know how everyone shoots. If the wifi is turned off, though, the door is closed to hackers or it becomes much harder to without being noticed.

    – Robert Allen Kautz
    Aug 12 at 2:09






  • 1





    no, not everything is hackable. Take my old Nikon D200. It has no wifi, no bluetooth, no 3G. The only way to get into its brains is to have physical access to the device and even then you'd need to crack open the case and install some extra hardware. My newer D7500 has WiFi and Bluetooth, but only acts as a base station itself, and will only communicate with Nikon's own software when doing so. Maybe a man in the middle attack is possible, but highly unlikely.

    – jwenting
    Aug 12 at 11:01






  • 2





    @FábioDias You are 100% correct: obligatory XKCD

    – FreeMan
    Aug 12 at 15:54






  • 1





    @FábioDias which wouldn't allow "hacking" in order to make the camera do things it's not supposed to, as is the intended meaning. Simple theft is something else entirely.

    – jwenting
    Aug 13 at 3:25













0














0










0









I think you have just cause to be concerned. As stated by Fabio, everything is hackable. If you are press photographer, wedding photographer or are in the public arena as a competeitive photographer in any aspect, you should not activate wifi or you should use a body without the option. The risk of losing your own work to a competitor is too great. Can you imagine shooting a wedding and not selling any prints because someone stole everything that you shot straight from your own camera without your knowledge? Unless you absolutely need it, turn off wifi.






share|improve this answer













I think you have just cause to be concerned. As stated by Fabio, everything is hackable. If you are press photographer, wedding photographer or are in the public arena as a competeitive photographer in any aspect, you should not activate wifi or you should use a body without the option. The risk of losing your own work to a competitor is too great. Can you imagine shooting a wedding and not selling any prints because someone stole everything that you shot straight from your own camera without your knowledge? Unless you absolutely need it, turn off wifi.







share|improve this answer












share|improve this answer



share|improve this answer










answered Aug 12 at 1:37







Robert Allen Kautz

















  • 1





    Can you cite even one instance where this has happened? I sincerely doubt professional photographers would use wifi anyways on location as they take a lot of photos and bandwidth is too low.

    – Eric Shain
    Aug 12 at 1:57






  • 1





    No, not personally, but that doesn't mean it doesn't happen or won't happen. Everything is hackable. As far as a photogs habits are concerned, I won't presume to know how everyone shoots. If the wifi is turned off, though, the door is closed to hackers or it becomes much harder to without being noticed.

    – Robert Allen Kautz
    Aug 12 at 2:09






  • 1





    no, not everything is hackable. Take my old Nikon D200. It has no wifi, no bluetooth, no 3G. The only way to get into its brains is to have physical access to the device and even then you'd need to crack open the case and install some extra hardware. My newer D7500 has WiFi and Bluetooth, but only acts as a base station itself, and will only communicate with Nikon's own software when doing so. Maybe a man in the middle attack is possible, but highly unlikely.

    – jwenting
    Aug 12 at 11:01






  • 2





    @FábioDias You are 100% correct: obligatory XKCD

    – FreeMan
    Aug 12 at 15:54






  • 1





    @FábioDias which wouldn't allow "hacking" in order to make the camera do things it's not supposed to, as is the intended meaning. Simple theft is something else entirely.

    – jwenting
    Aug 13 at 3:25












  • 1





    Can you cite even one instance where this has happened? I sincerely doubt professional photographers would use wifi anyways on location as they take a lot of photos and bandwidth is too low.

    – Eric Shain
    Aug 12 at 1:57






  • 1





    No, not personally, but that doesn't mean it doesn't happen or won't happen. Everything is hackable. As far as a photogs habits are concerned, I won't presume to know how everyone shoots. If the wifi is turned off, though, the door is closed to hackers or it becomes much harder to without being noticed.

    – Robert Allen Kautz
    Aug 12 at 2:09






  • 1





    no, not everything is hackable. Take my old Nikon D200. It has no wifi, no bluetooth, no 3G. The only way to get into its brains is to have physical access to the device and even then you'd need to crack open the case and install some extra hardware. My newer D7500 has WiFi and Bluetooth, but only acts as a base station itself, and will only communicate with Nikon's own software when doing so. Maybe a man in the middle attack is possible, but highly unlikely.

    – jwenting
    Aug 12 at 11:01






  • 2





    @FábioDias You are 100% correct: obligatory XKCD

    – FreeMan
    Aug 12 at 15:54






  • 1





    @FábioDias which wouldn't allow "hacking" in order to make the camera do things it's not supposed to, as is the intended meaning. Simple theft is something else entirely.

    – jwenting
    Aug 13 at 3:25







1




1





Can you cite even one instance where this has happened? I sincerely doubt professional photographers would use wifi anyways on location as they take a lot of photos and bandwidth is too low.

– Eric Shain
Aug 12 at 1:57





Can you cite even one instance where this has happened? I sincerely doubt professional photographers would use wifi anyways on location as they take a lot of photos and bandwidth is too low.

– Eric Shain
Aug 12 at 1:57




1




1





No, not personally, but that doesn't mean it doesn't happen or won't happen. Everything is hackable. As far as a photogs habits are concerned, I won't presume to know how everyone shoots. If the wifi is turned off, though, the door is closed to hackers or it becomes much harder to without being noticed.

– Robert Allen Kautz
Aug 12 at 2:09





No, not personally, but that doesn't mean it doesn't happen or won't happen. Everything is hackable. As far as a photogs habits are concerned, I won't presume to know how everyone shoots. If the wifi is turned off, though, the door is closed to hackers or it becomes much harder to without being noticed.

– Robert Allen Kautz
Aug 12 at 2:09




1




1





no, not everything is hackable. Take my old Nikon D200. It has no wifi, no bluetooth, no 3G. The only way to get into its brains is to have physical access to the device and even then you'd need to crack open the case and install some extra hardware. My newer D7500 has WiFi and Bluetooth, but only acts as a base station itself, and will only communicate with Nikon's own software when doing so. Maybe a man in the middle attack is possible, but highly unlikely.

– jwenting
Aug 12 at 11:01





no, not everything is hackable. Take my old Nikon D200. It has no wifi, no bluetooth, no 3G. The only way to get into its brains is to have physical access to the device and even then you'd need to crack open the case and install some extra hardware. My newer D7500 has WiFi and Bluetooth, but only acts as a base station itself, and will only communicate with Nikon's own software when doing so. Maybe a man in the middle attack is possible, but highly unlikely.

– jwenting
Aug 12 at 11:01




2




2





@FábioDias You are 100% correct: obligatory XKCD

– FreeMan
Aug 12 at 15:54





@FábioDias You are 100% correct: obligatory XKCD

– FreeMan
Aug 12 at 15:54




1




1





@FábioDias which wouldn't allow "hacking" in order to make the camera do things it's not supposed to, as is the intended meaning. Simple theft is something else entirely.

– jwenting
Aug 13 at 3:25





@FábioDias which wouldn't allow "hacking" in order to make the camera do things it's not supposed to, as is the intended meaning. Simple theft is something else entirely.

– jwenting
Aug 13 at 3:25











0















I am not a hacker but as programmer, I think there is not profit for such action. However it can be done. There is a lot architectures for cameras. They do not use same firmware, same hardware, same properties, etc. So writing a malware could be very very expensive. Recently, by improvement in cameras they can run limited version of operating systems. For example my canon 60D has firmware based on linux. I should note that many of electronic devices may have linux based os for better upgrades and better connectivity with peripheral devices. So the risk of be attacked by ransomware or any malware is increasing, while it is still too low to pay attention. Many of camera hardware breakage are based bad user operation not viruses, for example ejecting memory card without safe removing, ejecting memory card while camera is capturing, or using low quality memories. If some one steal your data or remove them when your camera is connected to a computer, you should worry about computer protection not camera






share|improve this answer




















  • 1





    You're rationalizing reasons for not considering this as a threat out of apathy or ignorance. I think every threat must be considered. You're probably too young to remember the "Merry Christmas" computer virus (the first one) written by Richard Brandow. Until that time, computers were thought to be infallible. That's why he wrote it. He became the first tech guru for the CBC nearly fifty years ago.

    – Stan
    Aug 12 at 13:17






  • 2





    "I think every threat must be considered" That is just plainly wrong. You can consider only credible/probable threats. Otherwise, rogue meteors...

    – Fábio Dias
    Aug 12 at 16:46






  • 1





    @FábioDias You just considered the threat of rogue meteors. You likely quickly concluded that the risk of that is very low and that therefore no specific mitigations are required in your case, but you still considered it. For a proper risk analysis, one would consider the probability and impact of every threat one can think of (including far-fetched ones), and then use the outcome of that analysis to decide what actions to take to mitigate which threats.

    – a CVn
    Aug 13 at 9:43






  • 2





    For example, meteor hits camera? Probability: very low. Impact: need to buy new camera. Mitigation: plan to buy a new camera at some point. Similarly, for example: theft of camera? Probability: likely low to medium, depending on use. Impact: need to buy a new camera, possible loss of images on card, possible psychological stress. Mitigation: keep the camera near yourself when in an untrustworthy setting, possibly don't advertise the fact that it's worth $$$$$. And so on. (Note that these are only examples, for illustrative purposes. If it matters to you, you should do your own risk analysis.)

    – a CVn
    Aug 13 at 9:43






  • 1





    @scottbb I see you're getting the idea. :-) (Though usually for high-impact events, you'd typically want some mitigation even if the probability is rather low. That said, for that particular one the camera isn't much related to the event. :)) Basically, this is what insurance companies do all the time...

    – a CVn
    Aug 13 at 18:57















0















I am not a hacker but as programmer, I think there is not profit for such action. However it can be done. There is a lot architectures for cameras. They do not use same firmware, same hardware, same properties, etc. So writing a malware could be very very expensive. Recently, by improvement in cameras they can run limited version of operating systems. For example my canon 60D has firmware based on linux. I should note that many of electronic devices may have linux based os for better upgrades and better connectivity with peripheral devices. So the risk of be attacked by ransomware or any malware is increasing, while it is still too low to pay attention. Many of camera hardware breakage are based bad user operation not viruses, for example ejecting memory card without safe removing, ejecting memory card while camera is capturing, or using low quality memories. If some one steal your data or remove them when your camera is connected to a computer, you should worry about computer protection not camera






share|improve this answer




















  • 1





    You're rationalizing reasons for not considering this as a threat out of apathy or ignorance. I think every threat must be considered. You're probably too young to remember the "Merry Christmas" computer virus (the first one) written by Richard Brandow. Until that time, computers were thought to be infallible. That's why he wrote it. He became the first tech guru for the CBC nearly fifty years ago.

    – Stan
    Aug 12 at 13:17






  • 2





    "I think every threat must be considered" That is just plainly wrong. You can consider only credible/probable threats. Otherwise, rogue meteors...

    – Fábio Dias
    Aug 12 at 16:46






  • 1





    @FábioDias You just considered the threat of rogue meteors. You likely quickly concluded that the risk of that is very low and that therefore no specific mitigations are required in your case, but you still considered it. For a proper risk analysis, one would consider the probability and impact of every threat one can think of (including far-fetched ones), and then use the outcome of that analysis to decide what actions to take to mitigate which threats.

    – a CVn
    Aug 13 at 9:43






  • 2





    For example, meteor hits camera? Probability: very low. Impact: need to buy new camera. Mitigation: plan to buy a new camera at some point. Similarly, for example: theft of camera? Probability: likely low to medium, depending on use. Impact: need to buy a new camera, possible loss of images on card, possible psychological stress. Mitigation: keep the camera near yourself when in an untrustworthy setting, possibly don't advertise the fact that it's worth $$$$$. And so on. (Note that these are only examples, for illustrative purposes. If it matters to you, you should do your own risk analysis.)

    – a CVn
    Aug 13 at 9:43






  • 1





    @scottbb I see you're getting the idea. :-) (Though usually for high-impact events, you'd typically want some mitigation even if the probability is rather low. That said, for that particular one the camera isn't much related to the event. :)) Basically, this is what insurance companies do all the time...

    – a CVn
    Aug 13 at 18:57













0














0










0









I am not a hacker but as programmer, I think there is not profit for such action. However it can be done. There is a lot architectures for cameras. They do not use same firmware, same hardware, same properties, etc. So writing a malware could be very very expensive. Recently, by improvement in cameras they can run limited version of operating systems. For example my canon 60D has firmware based on linux. I should note that many of electronic devices may have linux based os for better upgrades and better connectivity with peripheral devices. So the risk of be attacked by ransomware or any malware is increasing, while it is still too low to pay attention. Many of camera hardware breakage are based bad user operation not viruses, for example ejecting memory card without safe removing, ejecting memory card while camera is capturing, or using low quality memories. If some one steal your data or remove them when your camera is connected to a computer, you should worry about computer protection not camera






share|improve this answer













I am not a hacker but as programmer, I think there is not profit for such action. However it can be done. There is a lot architectures for cameras. They do not use same firmware, same hardware, same properties, etc. So writing a malware could be very very expensive. Recently, by improvement in cameras they can run limited version of operating systems. For example my canon 60D has firmware based on linux. I should note that many of electronic devices may have linux based os for better upgrades and better connectivity with peripheral devices. So the risk of be attacked by ransomware or any malware is increasing, while it is still too low to pay attention. Many of camera hardware breakage are based bad user operation not viruses, for example ejecting memory card without safe removing, ejecting memory card while camera is capturing, or using low quality memories. If some one steal your data or remove them when your camera is connected to a computer, you should worry about computer protection not camera







share|improve this answer












share|improve this answer



share|improve this answer










answered Aug 12 at 7:20







Babak.Abad

















  • 1





    You're rationalizing reasons for not considering this as a threat out of apathy or ignorance. I think every threat must be considered. You're probably too young to remember the "Merry Christmas" computer virus (the first one) written by Richard Brandow. Until that time, computers were thought to be infallible. That's why he wrote it. He became the first tech guru for the CBC nearly fifty years ago.

    – Stan
    Aug 12 at 13:17






  • 2





    "I think every threat must be considered" That is just plainly wrong. You can consider only credible/probable threats. Otherwise, rogue meteors...

    – Fábio Dias
    Aug 12 at 16:46






  • 1





    @FábioDias You just considered the threat of rogue meteors. You likely quickly concluded that the risk of that is very low and that therefore no specific mitigations are required in your case, but you still considered it. For a proper risk analysis, one would consider the probability and impact of every threat one can think of (including far-fetched ones), and then use the outcome of that analysis to decide what actions to take to mitigate which threats.

    – a CVn
    Aug 13 at 9:43






  • 2





    For example, meteor hits camera? Probability: very low. Impact: need to buy new camera. Mitigation: plan to buy a new camera at some point. Similarly, for example: theft of camera? Probability: likely low to medium, depending on use. Impact: need to buy a new camera, possible loss of images on card, possible psychological stress. Mitigation: keep the camera near yourself when in an untrustworthy setting, possibly don't advertise the fact that it's worth $$$$$. And so on. (Note that these are only examples, for illustrative purposes. If it matters to you, you should do your own risk analysis.)

    – a CVn
    Aug 13 at 9:43






  • 1





    @scottbb I see you're getting the idea. :-) (Though usually for high-impact events, you'd typically want some mitigation even if the probability is rather low. That said, for that particular one the camera isn't much related to the event. :)) Basically, this is what insurance companies do all the time...

    – a CVn
    Aug 13 at 18:57












  • 1





    You're rationalizing reasons for not considering this as a threat out of apathy or ignorance. I think every threat must be considered. You're probably too young to remember the "Merry Christmas" computer virus (the first one) written by Richard Brandow. Until that time, computers were thought to be infallible. That's why he wrote it. He became the first tech guru for the CBC nearly fifty years ago.

    – Stan
    Aug 12 at 13:17






  • 2





    "I think every threat must be considered" That is just plainly wrong. You can consider only credible/probable threats. Otherwise, rogue meteors...

    – Fábio Dias
    Aug 12 at 16:46






  • 1





    @FábioDias You just considered the threat of rogue meteors. You likely quickly concluded that the risk of that is very low and that therefore no specific mitigations are required in your case, but you still considered it. For a proper risk analysis, one would consider the probability and impact of every threat one can think of (including far-fetched ones), and then use the outcome of that analysis to decide what actions to take to mitigate which threats.

    – a CVn
    Aug 13 at 9:43






  • 2





    For example, meteor hits camera? Probability: very low. Impact: need to buy new camera. Mitigation: plan to buy a new camera at some point. Similarly, for example: theft of camera? Probability: likely low to medium, depending on use. Impact: need to buy a new camera, possible loss of images on card, possible psychological stress. Mitigation: keep the camera near yourself when in an untrustworthy setting, possibly don't advertise the fact that it's worth $$$$$. And so on. (Note that these are only examples, for illustrative purposes. If it matters to you, you should do your own risk analysis.)

    – a CVn
    Aug 13 at 9:43






  • 1





    @scottbb I see you're getting the idea. :-) (Though usually for high-impact events, you'd typically want some mitigation even if the probability is rather low. That said, for that particular one the camera isn't much related to the event. :)) Basically, this is what insurance companies do all the time...

    – a CVn
    Aug 13 at 18:57







1




1





You're rationalizing reasons for not considering this as a threat out of apathy or ignorance. I think every threat must be considered. You're probably too young to remember the "Merry Christmas" computer virus (the first one) written by Richard Brandow. Until that time, computers were thought to be infallible. That's why he wrote it. He became the first tech guru for the CBC nearly fifty years ago.

– Stan
Aug 12 at 13:17





You're rationalizing reasons for not considering this as a threat out of apathy or ignorance. I think every threat must be considered. You're probably too young to remember the "Merry Christmas" computer virus (the first one) written by Richard Brandow. Until that time, computers were thought to be infallible. That's why he wrote it. He became the first tech guru for the CBC nearly fifty years ago.

– Stan
Aug 12 at 13:17




2




2





"I think every threat must be considered" That is just plainly wrong. You can consider only credible/probable threats. Otherwise, rogue meteors...

– Fábio Dias
Aug 12 at 16:46





"I think every threat must be considered" That is just plainly wrong. You can consider only credible/probable threats. Otherwise, rogue meteors...

– Fábio Dias
Aug 12 at 16:46




1




1





@FábioDias You just considered the threat of rogue meteors. You likely quickly concluded that the risk of that is very low and that therefore no specific mitigations are required in your case, but you still considered it. For a proper risk analysis, one would consider the probability and impact of every threat one can think of (including far-fetched ones), and then use the outcome of that analysis to decide what actions to take to mitigate which threats.

– a CVn
Aug 13 at 9:43





@FábioDias You just considered the threat of rogue meteors. You likely quickly concluded that the risk of that is very low and that therefore no specific mitigations are required in your case, but you still considered it. For a proper risk analysis, one would consider the probability and impact of every threat one can think of (including far-fetched ones), and then use the outcome of that analysis to decide what actions to take to mitigate which threats.

– a CVn
Aug 13 at 9:43




2




2





For example, meteor hits camera? Probability: very low. Impact: need to buy new camera. Mitigation: plan to buy a new camera at some point. Similarly, for example: theft of camera? Probability: likely low to medium, depending on use. Impact: need to buy a new camera, possible loss of images on card, possible psychological stress. Mitigation: keep the camera near yourself when in an untrustworthy setting, possibly don't advertise the fact that it's worth $$$$$. And so on. (Note that these are only examples, for illustrative purposes. If it matters to you, you should do your own risk analysis.)

– a CVn
Aug 13 at 9:43





For example, meteor hits camera? Probability: very low. Impact: need to buy new camera. Mitigation: plan to buy a new camera at some point. Similarly, for example: theft of camera? Probability: likely low to medium, depending on use. Impact: need to buy a new camera, possible loss of images on card, possible psychological stress. Mitigation: keep the camera near yourself when in an untrustworthy setting, possibly don't advertise the fact that it's worth $$$$$. And so on. (Note that these are only examples, for illustrative purposes. If it matters to you, you should do your own risk analysis.)

– a CVn
Aug 13 at 9:43




1




1





@scottbb I see you're getting the idea. :-) (Though usually for high-impact events, you'd typically want some mitigation even if the probability is rather low. That said, for that particular one the camera isn't much related to the event. :)) Basically, this is what insurance companies do all the time...

– a CVn
Aug 13 at 18:57





@scottbb I see you're getting the idea. :-) (Though usually for high-impact events, you'd typically want some mitigation even if the probability is rather low. That said, for that particular one the camera isn't much related to the event. :)) Basically, this is what insurance companies do all the time...

– a CVn
Aug 13 at 18:57

















draft saved

draft discarded
















































Thanks for contributing an answer to Information Security Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f215255%2fif-a-digital-camera-can-be-hacked-in-the-ransomware-sense-how-best-to-protect%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Category:9 (number) SubcategoriesMedia in category "9 (number)"Navigation menuUpload mediaGND ID: 4485639-8Library of Congress authority ID: sh85091979ReasonatorScholiaStatistics

Circuit construction for execution of conditional statements using least significant bitHow are two different registers being used as “control”?How exactly is the stated composite state of the two registers being produced using the $R_zz$ controlled rotations?Efficiently performing controlled rotations in HHLWould this quantum algorithm implementation work?How to prepare a superposed states of odd integers from $1$ to $sqrtN$?Why is this implementation of the order finding algorithm not working?Circuit construction for Hamiltonian simulationHow can I invert the least significant bit of a certain term of a superposed state?Implementing an oracleImplementing a controlled sum operation

Magento 2 “No Payment Methods” in Admin New OrderHow to integrate Paypal Express Checkout with the Magento APIMagento 1.5 - Sales > Order > edit order and shipping methods disappearAuto Invoice Check/Money Order Payment methodAdd more simple payment methods?Shipping methods not showingWhat should I do to change payment methods if changing the configuration has no effects?1.9 - No Payment Methods showing upMy Payment Methods not Showing for downloadable/virtual product when checkout?Magento2 API to access internal payment methodHow to call an existing payment methods in the registration form?