Camera images DJI drones were temporarily vulnerable to malicious parties

Spread the love

Drone builder DJI’s infrastructure has been vulnerable for some time, allowing potential attackers to access camera images and other data belonging to DJI users. The leak, uncovered by Check Point Research, has since been patched.

The vulnerability was discovered in the DJI Forum user identification process. Researchers from Check Point, a provider of IT security services, noticed that DJI’s platforms used a cookie to identify registered users. With such a cookie, an unauthorized person could generate a so-called ticket or token, with which he can easily access the accounts on the forum.

DJI users who had their flight data, photos and videos synced to DJI’s servers were left vulnerable. Malicious persons could also access live camera images and maps from business users of the DJI FlightHub software. The leak has since been patched and there is no evidence that it was actually abused, according to Check Point.

“We applaud the expertise Check Point researchers have shown in disclosing a potentially critical vulnerability,” said Mario Rebello, DJI vice president and country manager of North America. According to Rebello, this is exactly why DJI created the bug bounty program, which encourages security researchers and hackers to detect programming errors.

Facebook Notice for EU! You need to login to view and post FB Comments!
You might also like