Researchers Reveal New Security Flaw Affecting China's DJI Drones
July 2020
Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations (DJI). The app comes with an auto-update mechanism that bypasses the Google Play Store and could be used to install malicious applications and transmit sensitive personal information to DJI's servers.
"Given the wide permissions required by DJI GO 4 - contacts, microphone, camera, location, storage, change network connectivity - the DJI or Weibo Chinese servers have almost full control over the user's phone."
A "Shady" Self-Update Mechanism
GRIMM said the research was undertaken in response to a security audit requested by an unnamed defense and public safety technology vendor that sought to "investigate the privacy implications of DJI drones within the Android DJI GO 4 application."
DJI Pushes Back Against the Findings
Calling the findings "typical software concerns," DJI disputed the research, stating it contradicts "reports from the U.S. Department of Homeland Security, Booz Allen Hamilton and others that have found no evidence of unexpected data transmission connections from DJI's apps designed for government and professional customers."
DJI is the world's largest maker of commercial drones and has faced increased scrutiny alongside other Chinese companies over national security concerns, leading the U.S. Department of the Interior to ground its fleet of DJI drones earlier this January.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/H5zXjflhH_g/dji-drone-hacking_24.html