Ring and law enforcement have been in the news recently for privacy concerns, and it’s not going away. Reporting by Vice’s Motherboard shows that El Monte, California police created their own Ring Rewards program. They purchased doorbell cameras and were planning to give them out in return for crime tips.(more…)
Ransomware is usually associated with PCs run in the bowels of some antiquated IT department. Now, however, researchers have figured out how to move the stuff onto your DSLR – with catastrophic results.
The ransomware essentially infects a high end camera and then encrypts all of the photographs on the card. Check Point has create a proof-of-concept that lets hackers connect to a camera via Wi-Fi and inject the code, essentially shutting down the camera until a ransom is paid. They write:
Our research shows how an attacker in close proximity (WiFi), or an attacker who already hijacked our PC (USB), can also propagate to and infect our beloved cameras with malware. Imagine how would you respond if attackers inject ransomware into both your computer and the camera, causing them to hold all of your pictures hostage unless you pay ransom.
The researchers used an open source OS for the Canon EOS 80D, by probing it for exploits, were able to upload the ransomware and activate it. Once a malicious payload is uploaded wirelessly the camera will load it automatically and go into lockdown. “There is a PTP command for remote firmware update, which requires zero user interaction,” wrote the researchers. “This means that even if all of the implementation vulnerabilities are patched, an attacker can still infect the camera using a malicious firmware update file.”
The result? Your camera is toast unless you pay up.
Luckily this is just a proof-of-concept and the attack isn’t in the wild yet. That said, keep your camera close by when you’re in sketchy areas. You never know when a hacker might strike.
A writer at Forbes reports that Apple is going to announce their giving out of pre-jailbroken iPhones at the 2019 Black Hat security conference in Las Vegas.
This, along with bug bounties, would enable researchers to locate security vulnerabilities, and help Apple keep the iPhone secure. These aren’t the same iPhones that are used by developers inside Cupertino, but are said to be locked down a little. Steven Troughton-Smith speculates:
What could a pre-jailbroken iPhone from Apple look like? I would have to imagine it has debug symbols (+ no dyld cache) and the ability to attach a kernel debugger, maybe even SSH, and is surely very securely provisioned and locked to your dev account with strict usage rules– Steve Troughton-Smith (@stroughtonsmith) August 6, 2019
In the right hands, this could really help Apple keep the iPhone secured. It’s going to be interesting to see if Apple does announce this program.