Check Point Research said in a study this week hackers can tap into what’s known as the Picture Transfer Protocol — the capability of digital cameras to transfer images to computers and other peripheral devices. The protocol is a feature of Digital Single Lens Reflex, or DSLR, cameras — and experts say hackers can infect them with malware to lock away your photo files and hold them for ransom.
Although hacking cameras is a different concept, since they aren’t always connected to the Internet, Check Point Research said they are susceptible.
“Initially focused on image transfer, this protocol evolved to include dozens of different commands that support anything from taking a live picture to upgrading the camera’s firmware,” the firm said in its analysis, posted Sunday.
Security researcher Eyal Itkin said DSLR cameras are just as susceptible to cyberattack as any other smart device, because they can connect to WiFi.
“This makes them vulnerable to threats as attackers can inject ransomware into both the camera and PC it is connected to,” Itkin said. “The photos could end up being held hostage until the user pays the ransom for them to be released.”
Check Point said it tested hacking with a Canon EOS 80D, but said all digital cameras likely have the same vulnerability.
The analysis led Canon to issue an advisory warning users to avoid connecting cameras to unsecured networks, such as free and public WiFi environments or devices potentially exposed to viruses or other security threats.
Canon also recommended users disable Internet functions when the camera is not in use, and download the latest firmware updates.
While ransomware in the past mainly targeted consumers through exploits like the one now affecting digital cameras, antivirus firm Malwarebytes said in a study last week attacks against businesses have skyrocketed 363 percent since last year.
“Cybercriminals are searching for higher returns on their investment and they can reap serious benefits from ransoming organizations over individuals,” the firm said.
The warnings from Check Point Research and Canon came amid a recent spate of successful ransomware attacks on a smattering of U.S. cities. Two Florida cities paid hackers more than $1 million to release hijacked files, and several others, including Baltimore and Louisville, have seen their computer systems crippled by hackers. Similar activity has also been seen in Europe.