Is DJI Drone Data Safe? Server Hack Revealed.

Drone maker DJI claims its servers have been hacked, an incident that could affect thousands of Australian drone owners.

The attack is of concern because GPS and location tracker information is held on DJI servers.

Kevin Finisterre claims that he accessed confidential customer data after finding a private key publicly posted on code-sharing site GitHub.

He approached the firm, which offers a “bug bounty” reward of up to $30,000 for security weaknesses discovered in its systems.

DJI said the server access was “unauthorised”.

The data Mr Finisterre was able to see included “unencrypted flight logs, passports, drivers licences and identification cards”, he said.

Despite initially offering him the money, in a statement DJI has now accused Mr Finisterre of refusing to agree to the terms of its bug bounty programme “which are designed to protect confidential data and allow time for analysis and resolution of a vulnerability before it is publicly disclosed”.

It added: “DJI takes data security extremely seriously, and will continue to improve its products thanks to researchers who responsibly discover and disclose issues that may affect the security of DJI user data and DJI’s products.”

It added that it would continue to pay bug bounties in exchange for reports.

Mr Finisterre, an independent security researcher, said DJI tried to make him sign a non-disclosure agreement.

He also published an email from DJI telling him that security issues with servers were included in the bug bounty programme.

‘Freedom of speech’

He said it was almost a month after he sent his report before the full terms were shared with him, and that he believed they “posed a direct conflict of interest to many things including my freedom of speech”.

One of the clauses stated that he could not publicly disclose his research without written consent from DJI, according to emails from the firm he has published in his report.

Typically, security researchers will share their findings with a company, give the firm a time frame in which to fix identified bugs, and then publish their work.

The bug bounty scheme is offered by many large tech firms as an incentive for people to share security weaknesses rather than exploit them.

Cyber-security expert Prof Alan Woodward from Surrey University said DJI’s actions were “outrageous”.

“Cyber-security is one of those areas where there is no government organisation or central body or standards agency holding these people to account. It’s ethical hackers and security researchers,” he said.
“The public has a right to know when there’s a security problem.”


