![](https://d15shllkswkct0.cloudfront.net/wp-content/blogs.dir/1/files/2018/11/djidrone.jpg)
A vulnerability on a website for drone company Dà-Jiāng Innovations Science and Technology Co. Ltd., or DJI, could have allowed hackers to steal customer data including confidential information, according to a newly published report.
The vulnerability, revealed Thursday by security researchers at Check Point Software Technologies Ltd., involves access to a forum DJI runs for discussions about its products. Users who were logged into the forum and then tricked into clicking on a malicious link could have had their login credentials stolen, allowing access to other DJI online assets.
Those assets include flight logs, photos and videos generated during drone flights if a DJI user had synced them with DJI’s cloud servers; a live camera view and map view during drone flights, if a DJI user were using DJI’s FlightHub flight management software; and information associated with a DJI user’s account, including user profile information.
Obviously a privacy concern, the vulnerability may have also been a national security concern. DJI has an estimated 74 percent share of the drone market and is popular among all market segments, including government and private businesses.
“Drones are increasingly used in the corporate landscape, with customers coming from the critical infrastructure, manufacturing, agricultural, construction, emergency management, government agencies, military and other sectors,” Check Point said in a separate blog post. “Whereas previous concerns regarding the security of drones … focused on the hijacking of the drone itself, often referred to as ‘dronejacking,’ or using these unmanned aerial vehicles (UAVs) to fly over sensitive locations such as the White House, our research uncovered a simpler and perhaps more serious threat to an organization’s data – a customer account takeover.”
Check Point discovered the vulnerability in March and reported it to DJI via its bug bounty program. After it was classified as high-risk but low-probability, the vulnerability was patched. DJI said it could find no evidence that the vulnerability was exploited.