Home > Hardware > Drones > DJI Drones Exposed Users Private Data

DJI Drones Exposed Users Private Data

DJI, a manufacturer of some of the most popular quadcopter drones in the market, inadvertently exposed users data, including flight records, user account information, camera, microphone, and live feed reveals to a report from security firm Check Point.

DJI has since patched the vulnerability in its systems that could have revealed user’s real-time drone location and a live camera feed while the drone was in flight.

Before this report, DJI set up a bug bounty program, which it launched in August 2017, offering rewards to researchers who disclose potential vulnerabilities to their properties in order to improve their security reputation.

Check Point discovered this particular vulnerability and reported it to the dedicated bug bounty program but did not accept a reward for finding the vulnerability.

Their researchers discovered if a user signed in to any one of the three DJI cloud-based platforms — the web platform, GO/4/pilot mobile application, or Flighthug — the DJI backend used that identifier token to provide access to all three platforms to the user.

However, a hacker would still require a special cookie in order to completely take over an account.

Unfortunately, Check Point uncovered the second issue in DJI’s popular customer forums platform which researchers believe wouldn’t be difficult to post malicious links and trick people into clicking.

Using these issues together, a potential attacker could identify users and learn their information, steal the cookie needed to complete the authentication, log into their own DJI account, and then swap in a victim’s token and cookies so the hacker takes on the identity of the victim and has full access to their account.

DJI did their due diligence in resolving the issues. Check Point’s testing reveals that DJI completely reworked their system’s processes to fix the bugs and furthermore improved their security.

Whether this will assure current users or potential new users is uncertain.



You may also like
DJI Flip
DJI Launches Lightweight Foldable Drone
Uber Fined $478 Million For ‘Serious’ Data Breaches
DJI Amflow PL (Image: Sourced from Amflowbikes website)
DJI’s First-Ever E-Bike Brand Amflow Coming To Oz
DJI’s First ‘Pro’ Action Camera Could Be The Osmo Action 5 Pro
GoPro Shares Down 58%, DJI Ban Tipped To Help Sales In 2024

Popular Posts

Chipmakers Samsung And SK Hynix Face Uncertain Future
Latest News
/
/
Lenovo concept laptop. Image: Evan Blass/Substack
Lenovo Leaks Another Crazy Dual-Screen Laptop
Latest News
/
/
Google Chrome
Google Rolls Out AI-Powered Security Update For Chrome
Latest News
/
/
Disney Hikes Subscription Prices Ahead Of ESPN Arrival
Latest News
/
/
Nintendo Alarmo Available To Pre-Order At JB Hi-Fi
Latest News
/
/

Digital Magazines

Recent Post

Chipmakers Samsung And SK Hynix Face Uncertain Future
Latest News
/
//
Comments are Off
Global semiconductor companies which are already cutting billions of dollars in planned capital spending as a result of softening demand...
Read More