Security News > 2020 > July > Researchers Reveal New Security Flaw Affecting China's DJI Drones
Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal information to DJI's servers.
"Given the wide permissions required by DJI GO 4 - contacts, microphone, camera, location, storage, change network connectivity - the DJI or Weibo Chinese servers have almost full control over the user's phone."
A "Shady" Self-Update Mechanism GRIMM said the research was undertaken in response to a security audit requested by an unnamed defense and public safety technology vendor that sought to "Investigate the privacy implications of DJI drones within the Android DJI GO 4 application."
DJI Pushes Back Against the Findings Calling the findings "Typical software concerns," DJI disputed the research, stating it contradicts "Reports from the U.S. Department of Homeland Security, Booz Allen Hamilton and others that have found no evidence of unexpected data transmission connections from DJI's apps designed for government and professional customers."
DJI is the world's largest maker of commercial drones and has faced increased scrutiny alongside other Chinese companies over national security concerns, leading the U.S. Department of the Interior to ground its fleet of DJI drones earlier this January.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/H5zXjflhH_g/dji-drone-hacking_24.html
Related news
- Is Lenovo a blind spot in US anti-China security measures? (source)
- Tired of airport security queues? SQL inject yourself into the cockpit, claim researchers (source)
- Researchers find SQL injection to bypass airport TSA security checks (source)
- Security Researcher Sued for Disproving Government Statements (source)