In addition to the threat of having all of the photos stored on a device locked as a result of a ransomware attack, malware installed on a digital camera could also be used to launch other attacks. Canon published the patch to fix the DSLR camera security flaw as part of an official security advisory. And if there's only one or two images, then any ransom is likely to be ignored.
"Once compromised, the attacker has full control over the camera, and they could brick it, use it as an espionage tool, or ransomware it as we demonstrated". Iktin told The Verge that other devices could be vulnerable as well, due to the complexity of the Picture Transfer Protocol.
When using Wi-Fi, prefer using the camera as the Wi-Fi access point, rather than connecting your camera to a public Wi-Fi network.
Since the protocol is standardized and embedded in other camera brands, Check Point believes "similar vulnerabilities can be found in cameras from other vendors as well", the statement said.
In the case of USB connections, attackers that have already hacked the user's PC can exploit the USB connection to infect the camera. A switch to wireless communication simply crashed the camera initially but later, he found a way to deliver the same malicious ransomware update without any cable or EOS Utility app.
Canon was notified of the potential exploit before it was publicly disclosed, and released patches for its cameras earlier in August. When the camera is not used, it is advised to disable the network functions.
To avoid attacks, camera owners should make sure your camera is using the latest firmware version, and install a patch if available, Check Point recommended. That malware immediately sought out the camera's SD card and went to work on encrypting its contents.
This site contains affiliate links to products.