PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

DSLR Cameras Can Be Infected With Ransomware

Check Point proves all those precious photos stored on your camera can be encrypted and held to ransom if you're not careful.

Matthew Humphries
 & Matthew Humphries Former Senior Editor

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS

Ransomware is a very lucrative business for those distributing it, and it seems there's no limit to the devices they'll attenpt to infect. The latest to be targeted? Your DSLR camera.

As Check Point Research reveals, digital cameras are a great choice for ransomware as they typically contain photos that are of high value to the owner. Maybe it's an album of photos from a recent holiday, a wedding, or some other event we'd all hate to lose the memory of. In other words, we'd be more willing to pay to get them back.

Check Point recorded the video you see below to demonstrate how easy it is for your DSLR camera to be infected:

The method of infection relies on the camera being connected to a wireless network, which is becoming increasingly common as it forms a very convenient way of transferring images to a computer or printer. The standardized protocol for transferring images from a camera is the Picture Transfer Protocol (PTP). The problem is, it isn't authenticated or encrypted while offering a a range of commands to use, which led to researchers looking for vulnerabilities. They found several and got to work creating an exploit.

What Check Point ended up with is a malicious firmware update, which thanks to a PTP command allowing for remote firmware updates without need of user interaction, makes infecting a camera through a patch relatively easy to achieve.

The camera used by Check Point to carry out the ransomware research is an EOS 80D. Canon was selected as a target because it accounts for over 50 percent of the DSLR market and therefore impacts the most people if a vulnerability exists. The company was made aware of the critical vulnerabilities back in March and has issued a security advisory for its cameras requesting owners update to the latest official firmware, turn off network features when not in use, and to refrain from connecting to untrusted wireless networks.

As PTP is so widely used, Check Point believes the vulnerabilities it found won't be restricted to Canon's camera. Other vendors are likely to need to work on security patches for their devices, too.

About Our Expert

Matthew Humphries

Matthew Humphries

Former Senior Editor

My Experience

I started working at PCMag in November 2016, covering all areas of technology and video game news. Before that I spent nearly 15 years working at Geek.com as a writer and editor. I also spent the first six years after leaving university as a professional game designer working with Disney, Games Workshop, 20th Century Fox, and Vivendi.

I hold two degrees: a Bachelor's degree in Computer Science and a Master's degree in Games Development. My first book, Make Your Own Pixel Art, is available from all good book shops.

My Areas of Expertise

  • PC components and system building
  • Raspberry Pi
  • Software development
  • Storage technology
  • Video games and gaming hardware

Read the latest from Matthew Humphries

Read full bio