Hacked the drone? Get paid: DJI pays hackers for found vulnerabilities

    DJI, the world leader in drone production, announced that it is ready to pay from $100 to $30,000 for vulnerabilities found. While the site with a detailed description of the bug hunt is still in development, reports about the holes found should be sent by e-mail to bugbounty@dji.com.

    DJI Technical Standards Director Walter Stokkel said that instead of fighting hackers, the company needs to use their achievements to move jointly toward a common goal within the company's mission.

    “I’m sure the Monsignor has finally understood.”
    - “The Boondock Saints”

    In fact, DJI's leadership began to move after several high-profile blunders with cyber vulnerabilities and a "ban" from the US military.

    Military


    Recall that the American military recently realized that the drones are Chinese and that all the data is processed under the control of a potential adversary.

    Senior US military officials ordered that all DJI drones be withdrawn, all of this company's applications removed, and the batteries and storage devices taken out of the devices.

    DJI's response, meant to satisfy the military, is to create an offline mode in which data from the drone is not transmitted to the cloud.

    “We are pleased to work with various organizations directly, including the US Army, which has concerns about cyber security. We will try to contact the US Army in order to clarify this situation and find out what is meant when the military speak of ‘cyber vulnerabilities’,” say DJI's PR people.

    Civilian


    Even civilian hackers find vulnerabilities in batches.

    Kevin Finistère reported a vulnerability that allows remote access to the DJI Go application and tracking of users' GPS coordinates.

    Lanier Watkins from Johns Hopkins University said that he (read: his students) found at least three vulnerabilities in DJI products in a year and a half, but DJI did not respond to their bug reports.

    The most enterprising bug hunters (Russians) even make a business of it. They release drones "from the shackles" that their manufacturers have put on them.

    "... now they are out of work, since their entire set of hacks (for altitude, for no-fly zones and for speed limits) can now be installed for free without spending $600."
    - writes user lohmatij in the comments.

    Ultimatum from DJI


    DJI's counterstrike is an order to update the software on Spark drones, which prevents jailbreaks, together with the removal of potentially cracked older firmware versions from everywhere. Until September 1, the notice can be ignored, but at midnight the drone will turn into a pumpkin.


    The new firmware version fixes errors in the controls. The connection to the device is now more stable, and the battery can reduce power consumption during flight.
    To update the firmware, you can use the DJI GO 4 mobile application or the Assistant 2 program.

    Bug bounty


    Bug Bounty is a flash mob for hackers and those who consider themselves hackers.

    People can be recognized and rewarded for finding bugs, especially for exploits and vulnerabilities.

    A bug bounty allows developers to detect and fix bugs before the general public finds out about them, preventing incidents of massive abuse. Bug bounty programs have been implemented by Facebook, Yahoo!, Google, Reddit, Microsoft, the Pentagon, etc.

    If you find a serious bug in the DJI firmware, you can now quite honestly get your well-deserved $100 instead of trawling exploit exchanges on the darknet and trying to sell your find for hundreds of bitcoins.

