Researchers Demonstrate Ransomware Attack on DSLR Camera

Researchers at cybersecurity firm Check Point have demonstrated that malicious actors could hack a DSLR camera and infect it with a piece of ransomware.

Modern cameras are embedded devices that run sophisticated software designed to improve functionality and image quality. They can be connected to a computer or mobile phone through USB or Wi-Fi.

While these connectivity options provide many benefits, they also introduce an attack vector which, as researchers from Check Point demonstrated, can be leveraged to deliver a piece of ransomware that holds the photos stored on the device for ransom.

The experts conducted their tests on a Canon EOS 80D DSLR camera and the Picture Transfer Protocol (PTP) it uses.

Developed by the International Imaging Industry Association, PTP is designed for transferring images from the camera to a computer, but it also provides capabilities designed for controlling the camera’s functionality and updating its firmware.

The researchers started by obtaining the camera firmware and decrypting it. They then analyzed Canon’s implementation of PTP and uncovered several buffer overflow vulnerabilities, including ones that could be exploited for arbitrary code execution, and a weakness that allows an attacker to push malicious firmware to the device without any user interaction.

The security holes are tracked as CVE-2019-5994, CVE-2019-5995, CVE-2019-5998, CVE-2019-5999, CVE-2019-6000 and CVE-2019-6001.

Some of these vulnerabilities can be exploited to take control of a camera and install a piece of ransomware that encrypts all the files on the SD card and displays a ransom message to the victim on the camera’s screen.

An attacker can target the camera either via USB, by compromising the computer it’s connected to, or via Wi-Fi, by setting up a rogue access point that has the same name as a Wi-Fi connection the camera automatically connects to.

“Although the tested implementation contains many proprietary commands, the protocol is standardized, and is embedded in other cameras. Based on our results, we believe that similar vulnerabilities can be found in the PTP implementations of other vendors as well,” Check Point researchers explained.

Check Point reported the vulnerabilities it found to Canon in late March and in July it confirmed that the vendor’s patches were good.

In an advisory published last week, Canon advised customers to install the firmware that addresses the vulnerabilities, and provided some recommendations for mitigating potential threats, such as disabling the camera’s network functions when not needed, downloading firmware only from the official website, and only connecting the camera to trusted devices.

Canon has highlighted that there is no evidence that the vulnerabilities have been exploited in the wild.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
