Canon has issued a security advisory and firmware patch for the vulnerability
The days when ransomware only infected desktops and laptops are long gone. Criminals are now targeting any device that is connected to the internet, through Wi-Fi connection, Bluetooth or even just via a USB cable. This includes a whole range of camera gear.
Security researcher Eyal Itkin of Check Point Software Technologies and his team recently discovered multiple critical vulnerabilities in some DSLR cameras via Wi-Fi that can render a camera and its storage useless until a sum of money is paid to the hackers. They were able to find vulnerabilities that allowed them to infect a Canon EOS 80D with ransomware.
Check Point Software Technologies has demonstrated (as seen in the video above) that Canon DSLRs are vulnerable to ransomware attacks. It is not clear if other camera brands are also affected.
Canon released some information in a statement about how to avoid being susceptible to these attacks and noted that there have been no known instances of such an attack occurring.
Eyal Itkin found that a hacker can easily plant malware on a digital camera because of the unauthenticated and standardized Picture Transfer Protocol. This is an ideal way for infecting cameras with malware and can be used with both Wi-Fi and USB.
The Check Point report states that someone with an infected Wi-Fi access point could deploy it at a tourist destination to pull off an attack. As ransomware attacks are becoming more frequent across several industries, I certainly hope that this doesn't pose a risk for photographers in the future.