The research was conducted by Eyal Itkin, of Check Point Research, who details the entire process of how this hack was carried out. Itkin chose to use a Canon EOS 80D DSLR, simply because Canon is popular brand and that particular camera supports USB and Wi-Fi. Itkin was able to hijack the camera using PTP or Picture Transfer Protocol, which is commonly used by cameras to connect to a computer and if usually not encrypted. The report states that the ransomware can be uploaded to the camera through USB (provided the host computer already has the malware) or by directly tapping into the camera’s inbuilt Wi-Fi (provided your close enough to the camera). Itkin even put up a short video, demonstrating how this can be easily done over Wi-Fi.
Now, unlike our phones and laptops which can have a lot of our sensitive information such as you home address or credit card details, your camera won’t. However, it will have photos of you family vacation and others that you might not want the world to see. By installing the ransomware, hackers can encrypt your photos so the only way to access it would be via a decryption key, for which, they could demand a certain sum of money. Depending on how sensitive or badly you want the photos, victims would probably be willing to pay up.
Itkins reached out to Canon regarding this vulnerability back in March and now that this report is made public, Canon has issued a statement warning users to avoid connecting their cameras to open public networks and to disable Wi-Fi when not needed. The hack as so far proven to work on a Canon camera, but there is a good chance that other cameras, from other manufacturers, could be vulnerable too.