The researchers looked at the Canon EOS 80D because it has both USB and Wi-Fi connectivity, as well as an extensive modding community which provides open source software for the camera.
Researchers found that for users transferring photos via public WiFi networks, attackers in close proximity to the camera could "easily" establish a rogue WiFi access point by sniffing the internet network and then bearing the same name as the one used by the camera to automatically connect, thereby enabling hackers to infect the device with malware and ransomware.
Check Point singled out the Canon EOS 80D, releasing a video demonstrating how easy it is to exploit holes in the standard Picture Transfer Protocol (used to transfer files from cameras to PCs) to infect the camera and computer. Once they had control, they were able to install "ransomware," encrypting all of the photos on the SD card and holding them hostage until and unless the victim pays a sum of money (usually in cryptocurrency) to receive the encryption key and unscramble their images. Though Check Point's research only examined the flaw in Canon cameras, cameras from other manufacturers could be affected as well.
Unless photography is your career, photos might not seem like the juiciest ransomware target, but in terms of sentimental value, they can be right up there as the researchers note.
"As PTP is widely used by all digital camera vendors, we do believe that similar vulnerabilities will affect other vendors as well", Itkin said. But while this particular model was chosen for the experiment, researchers warn that any internet-connected digital camera could be vulnerable to the attacks.
It advises users to avoid connecting to an unsecured network such as free Wi-Fi spots, disabling the camera's network functions when not in use, and updating the official firmware via a download from Canon's website. Canon has since issued a new security patch for the affected cameras, which owners can read about here.
"At this point, there have been no confirmed cases of these vulnerabilities being exploited to cause harm", Canon said in the update published on August 6. Instead, the researchers contacted Canon about the vulnerability back in late March, well ahead of the Def Con reveal, allowing the company to release a firmware update for the 80D last week.
The full research report into the vulnerabilities is available from Check Point.