Security News > 2020 > July > DJI Drone App Riddled With Privacy Issues, Researchers Allege
The privacy issues were discovered in the DJI GO 4 application, which is the complementary app used to control DJI drones.
Researchers with Synacktiv found several concerning privacy issues,, which were then independently confirmed by researchers with GRIMM. "The DJI GO 4 application contains several suspicious features as well as a number of anti-analysis techniques, not found in other applications using the same SDKs," according to researchers with GRIMM, in a Thursday post.
"Given the wide permissions required by DJI GO 4, the DJI or Weibo Chinese servers have almost full control over the user's phone. This way of updating an Android App or pushing a new app completely circumvents Google feature module delivery or in-app updates."
DJI for its part said that the MobTech and Bugly components identified by researchers were previously removed from DJI flight control apps after earlier researchers identified potential security flaws in them.
"Again, there is no evidence they were ever exploited, and they were not used in DJI's flight control systems for government and professional customers," said DJI. DJI also encouraged researchers to utilize its bug bounty program, which was previously launched in 2017, to "Responsibly disclose security concerns about our products." Previously, the drone maker faced security issues when it patched a cross-site scripting bug impacting its forums that could have allowed a hacker to hijack user accounts and gain access to sensitive online data, ranging from flight images, bank card data, flight records and even real time camera images.
News URL
https://threatpost.com/dji-drone-app-riddled-with-privacy-issues-researchers-allege/157730/