Researchers at security firm CheckPoint have discovered that hackers can easily install ransomware on a DSLR camera.
Along with disclosing several vulnerabilities, CheckPoint released a report, which detailed how security researcher, Eyal Itkin, was able to remotely install malware on a DSLR camera.
Even worse, the technique shown can be used with both WiFi and USB.
Itkin says that Canon’s Picture Transfer Protocol is ideal for delivering malware because it’s unauthenticated and can be used to transfer files between the camera and computer or mobile devices via WiFi or USB.
In the video above, Itkin shows how he was able to exploit a Canon E0S 80D over WiFi. He also notes that cameras are a great target because they hold personal photos that people would be willing to pay to retrieve those memories.
According to CheckPoint, the flaws affect Canon EOS-series digital SLR and mirrorless cameras, PowerShot SX70HS and PowerShot G5X Mark II.
The security firm disclosed the vulnerabilities to Canon back in March and in May it began working with the digital imagining manufacturer to develop a patch. For now, however, Canon has advised consumers to refrain from using unsecured WiFi networks.