German research finds security flaws in four leading DJI drones

DJI drones security

German researchers say they’ve found security gaps in four models of DJI drones – albeit not the kind that US politicians have claimed to justify placing the company’s craft on federal blacklists.

Continue Reading

Security researcher exposes DJI customer data, walks away from $30k bug bounty and posts his story online

Security researcher Kevin Finisterre recently found a security flaw that allowed him to access personal data from DJI’s customers on servers from the Chinese drone manufacturer. Finisterre used DJI’s recently launched Bug Bounty program to report his findings. This resulted in many emails being sent back and forth between the researcher and the drone company’s legal department about the scope of DJI’s Bug Bounty program and other legalities. In the end, Finisterre felt threatened and concluded he could not sign DJI’s document. He then decided to not only forgo the 30,000 top reward but also to go public with his story in an 18-page PDF titled: “Why I walked away from $30,000 of DJI bounty money.

Continue Reading

Hackers make thousands of dollars through DJI “Bug Bounty” program

Late in August DJI launched their “Bug Bounty” program after hackers had been able to bypass DJI’s geo-fencing. Around the same time, the US army stopped using DJI’s products because of ‘cyber vulnerabilities’. Apparently, the program has been quite the success and DJI is now planning to make the first payouts, according to DroneLife. The combined payout is in excess of $30,000 to multiple researchers.

Continue Reading