Researchers have discovered that some DSLRs and mirrorless cameras are actually vulnerable to ransomware attacks.



Once in range of your camera's WiFi, a bad actor could easily install malware that would encrypt your valuable photos unless you paid for a decryption key.

Eyal Itkin, the researcher behind the Check Point Security report, says:

"From an attacker's perspective, the PTP layer looks like a great target (because) PTP is an unauthenticated protocol that supports dozens of different complex commands.
Vulnerability in PTP can be equally exploited over USB and over WiFi and the WiFi support makes our cameras more accessible to nearby attackers."

Itkin chose the Canon EOS 80D as his 'victim', and the end result was that six vulnerabilities were found when the EOS 80D's firmware was reverse engineered:

  • CVE-2019-5994 – Buffer Overflow in SendObjectInfo (opcode 0x100C)
  • CVE-2019-5998 – Buffer Overflow in NotifyBtStatus (opcode 0x91F9)
  • CVE-2019-5999– Buffer Overflow in BLERequest (opcode 0x914C)
  • CVE-2019-6000– Buffer Overflow in SendHostInfo (opcode0x91E4)
  • CVE-2019-6001– Buffer Overflow in SetAdapterBatteryReport (opcode 0x91FD)
  • CVE-2019-5995 – Silent malicious firmware update

https://www.youtube.com/watch?v=75fVog7MKgg

For technical details, please refers to https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/.


References