DJI and Check Point Researchers shared details of a potential vulnerability in the user identification process within DJI’s online Forum that could have enabled an attacker to gain access to user's account.
In a report submitted in accordance with DJI's Bug Bounty Program, Researchers discovered that DJI's platforms used a token to identify registered users across different aspects of the customer experience, making it a target for hackers looking for ways to access accounts.
DJI consumer users who had synced their flight records, including photos, videos and flight logs to DJI's cloud servers, and DJI corporate users who used DJI FlightHub software, which includes a live camera, audio and map view, could have become vulnerable, had it not been rectified, Check Point said in a statement on Tuesday.