Say Cheese - How I Ransomwared Your DSLR Camera

Explore the world of camera hacking in this eye-opening conference talk that delves into the process of ransomwaring a DSLR camera. Learn about the attack vector using PTP, open-source tools, and firmware vulnerabilities. Discover the journey from initial idea to successful exploit, including code analysis, API understanding, and vulnerability discovery. Follow the speaker's process of building and deploying the exploit, overcoming challenges, and ultimately achieving the goal of ransomware implementation. Gain insights into responsible disclosure practices and draw important conclusions about device security. Perfect for cybersecurity enthusiasts, photographers, and anyone interested in the intersection of technology and security.

Intro
The Idea - Cameras
Meet our target
Open Source is great
The Attack Vector - PTP
PTP-prior work
Dead End ?
Loading it to IDA
Thumbs Up
Locate the code
Understand the API
Finding some Vulns
CVE-2019-5998
Building the Exploit
And, it crashed
And, it hangs ?!
Deploying Scout
PTPy needs help
Vulnerability Recap
Goal: Ransomware
Firmware Update - Design
Firmware Update - Crypto
Firmware Update - Attack
Connecting the dots
Ransomware Demo
Responsible Disclosure
Conclusions
Shameless Self Promotion
That's all folks