As technology gets smarter it also becomes increasingly vulnerable to getting hacked.
Cameras with connection options like Bluetooth, NFC, and WiFi, make it easier to share photos without a computer, but come with the risk of any networked computing device. They can be remotely hijacked or hacked.
Why should you care if your camera gets hacked?
A recent report from Checkpoint Security has shown that researchers were able to remotely install ransomware on Canon cameras, allowing them to lock all the images on the SD card and disable the camera. Had this been a real world attack, someone could demand a ransom payment to unlock.
This same type of exploit could be used in other destructive ways. An attacker could install a malicious firmware which prevents the camera from turning on, thus reducing your beloved camera into a very expensive paper weight.
The vulnerability affects nearly every model of Canon Digital SLR and Mirrorless camera and so far the only official firmware is for the Canon 80D. Canon says that more firmware updates are coming. You can read more about that on their official website.
Does that mean that all Canon owners are at an immediate risk right now?
Not exactly.
The Checkpoint exploit requires that people either enable WiFi on their camera and connect to a malicious access point, or connect the camera to an infected computer over USB.
If you use a card reader and never enable WiFi on your camera, you are safe.
Whether you use Canon cameras or any other brand, these type of attacks could only become more prevalent.
These are some basic tips to minimize risks when using a network connected camera.
1. Don’t use default names
In the networking menu settings, there are several options that use the same default name for every camera.
For example, Canon sets the default camera name in the wireless setup to EOS80D, which means if someone used an attack script in a public tourist space to scan for every device with the standard name, your camera would show up and could be vulnerable to the attack.
Better to change names to make them more unique. For example, instead of calling the camera "EOS80D", you could call it "DavesMagicEye007".
2. Watch where you tether
If you tether your camera to a computer, make sure that computer is also secure.
This latest exploit can be unleashed from a compromised PC, meaning just connecting to the computer could infect the camera too.
Running anti-virus / anti-malware on your computer and actively scanning for threats is always recommended, and more so if you are using that computer for your photography work.
3. Careful with Public WiFi
Use caution when connecting to Public WiFi with your camera or really any device.
Public WiFi can be a risk either by connecting to an untrusted access point, or by someone on a public network doing something malicious such as sniffing traffic for passwords, or injecting malware into the network stream.
In general, using a VPN on a mobile device or computer can help prevent this kind of activity. When connecting to WiFI with your camera, make sure you only connect to trusted access points.
4. Disable functions not in use
Don’t enable functions when not using them.
Functions like wireless and bluetooth are nice to have, but can expose your devices (cameras included) to malicious connections.
Most cameras do not turn these things on by default, so if you never use them, you should be safe.
If you do occasionally use these functions, make sure to disable them when not in active use. Not only will it keep your devices safer, it will help improve battery life as well.
5. Install new firmware updates
Always stay up to date with firmware updates.
Just like installing security patches on your computer, your camera should always run the latest firmware to ensure you are not only getting the newest features, but to also ensure you have the latest protection from security vulnerabilities.
Remember that security threats are always evolving. Even if you are protected against a vulnerability today, doesn't mean that someone can't come up with a clever new more effective delivery mechanism in the future.
With that in mind, updating the firmware is the best way to keep your camera's software current, and to keep your camera protected from new threats.
