Camera images from DJI drones were temporarily exposed to malicious parties


Drone maker DJI’s infrastructure was vulnerable for some time, allowing potential attackers to access camera images and other data belonging to DJI users. The flaw, uncovered by Check Point Research, has since been patched.

The vulnerability was discovered in the DJI Forum user identification process. Researchers from Check Point, a provider of IT security services, noticed that DJI’s platforms used a cookie to identify registered users. With such a cookie, an unauthorized person could generate a so-called ticket or token and use it to easily access the accounts on the forum.

DJI users who had their flight data, photos and videos synced to DJI’s servers were left vulnerable. Attackers could also access live camera images and maps from business users of the DJI FlightHub software. The flaw has since been patched and there is no evidence that it was actually abused, according to Check Point.

“We applaud the expertise Check Point researchers have shown in disclosing a potentially critical vulnerability,” said Mario Rebello, DJI vice president and country manager of North America. According to Rebello, this is exactly why DJI created the bug bounty program, which encourages security researchers and hackers to detect programming errors.
