It seems not a single device is immune from hackers these days, including the DSLR camera, which generally has no internet connection. But as researchers at Check Point Software noticed, a flaw in the Picture Transfer Protocol (PTP) some DSLR cameras use to wirelessly transfer photos could be used to install malware that could encrypt those photos—and keep them encrypted unless the camera’s owner agrees to pay a ransom.
In a test confirming the exploit, the researchers set up a Wi-Fi access point. Once a Canon EOS 80D camera joined that wireless access point, the researchers were able to remotely install the malware on it. That malware immediately sought out the camera’s SD card and went to work on encrypting its contents. The owner of the camera would then see a message alerting them that they wouldn’t get access to the photos again until a ransom was paid.
Check Point points out that DSLR cameras are a clever attack target because photos often contain personal and sentimental value for the owner. Though Check Point’s research only examined the flaw in Canon cameras, cameras from other manufacturers could be affected as well. Canon has since issued a new security patch for the affected cameras, which owners can read about here.