Latest in Gear

Image credit:

Even DSLR cameras are vulnerable to ransomware

Hackers could hijack your valuable photos from a memory card.
Share
Tweet
Share

Sponsored Links

Check Point Research

Cameras are among the few devices that don't connect to the internet, so you'd think they'd be immune to hackers. However, researchers have discovered that some DSLRs and mirrorless cameras are actually vulnerable to ransomware attacks, of all things. Once in range of your camera's WiFi, a bad actor could easily install malware that would encrypt your valuable photos unless you paid for a key.

Check Point Software noticed that the Picture Transfer Protocol (PTP) -- which is unauthenticated in both wired and wireless modes -- is particularly vulnerable to malware attacks. Ironically, they were able to uncover flaws in the Canon EOS 80D by using firmware originally cracked by Magic Lantern, which supplies its own open source app with extra features to Canon EOS owners.

In a video, the researchers showed how they first set up a rogue WiFi access point. Once the attackers were range of the camera, they ran an exploit to access the camera's SD card and encrypt any photos. The surprised owner would then see a message that his pictures are no longer available unless he's willing to pay a ransom.

Check Point notes that cameras are a great attack target because they contain valuable personal photos that folks would be willing to pay for. It disclosed the vulnerability to Canon in March, and last week, Canon issued an advisory telling folks to avoid unsecured WiFi, turn off network functions and install a new security patch.

The issue affects most of Canon's camera lineup, from the EOS 70D to the mirrorless EOS R. It might not be limited to Canon, either, as Check Point told The Verge that other manufacturers, which use the same PTP protocol, could also be vulnerable.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

FCC will require phone carriers to authenticate calls by June 2021

FCC will require phone carriers to authenticate calls by June 2021

View
SpaceX aborts Falcon 9 launch with rare 'Liftoff! Disregard' sequence

SpaceX aborts Falcon 9 launch with rare 'Liftoff! Disregard' sequence

View
Apex's electric supercar includes an AR race coach and partial self-driving

Apex's electric supercar includes an AR race coach and partial self-driving

View
BMW will discontinue its iconic i8 hybrid sports car in April

BMW will discontinue its iconic i8 hybrid sports car in April

View
Ubisoft offers free games to encourage you to stay at home

Ubisoft offers free games to encourage you to stay at home

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr