Hackers can ransomware your fancy digital camera

Not even your precious memories are safe from hackers. 

That much was made clear at the annual DEF CON hacking conference in Las Vegas, where a security researcher demonstrated just how easy it is to remotely encrypt a digital camera with ransomware. And once that happens, you can say goodbye to all your photos — unless you pay up. 

The specific camera in question was a Canon EOS 80D, but, as Eyal Itkin explained to the early Sunday morning crowd of seemingly hungover hackers, it’s likely not the only model vulnerable. 

“If you can do something to cameras, you have many potential victims you can affect,” he observed. “Would you pay to get your camera back?”

Owning your pics.

Owning your pics.

Image: Jack Morse / mashable

It turns out, Itkin noted, that many digital cameras these days are equipped with WiFi. By remotely tricking the camera into installing a malicious firmware update — which he can do if he’s on the same WiFi as your camera with no interaction required from you — he can encrypt all your photos and force the camera to display a ransomware demand. 

The ransomware message displayed on an encrypted camera.

The ransomware message displayed on an encrypted camera.

Image: jack morse / photo of slide from Itkin presentation

In other words, you don’t have to click on some shady link or install a sketchy file to be vulnerable to this attack. 

 ”If you’re not using WiFi, turn it off,” warned Itkin. “If you’re not using Bluetooth, turn it off.”

But all is not lost. Itkin, who is a vulnerability researcher at Check Point Software Technologies, is one of the good guys. That means he notified Canon of the vulnerabilities he discovered, and they issued a fix. There’s just one catch: You have to update the firmware on your camera. 

When is the last time you, or anyone you know, has ever done that? 

Hopefully, after reading this article, the answer is “today.” Otherwise, well, when you lose all those vacation pics to malicious hackers looking to extort you for some cryptocurrency, you can’t say you weren’t warned. 

from Mashable! http://bit.ly/2YN1hC0