Check Point Researchers Rectify Vulnerability in DJI’s User Identification Process

Our Bureau
11:53 AM, November 13, 2018
3007

Phantom 3 advanced drone (image: DJI)

DJI and Check Point Researchers shared details of a potential vulnerability in the user identification process within DJI’s online Forum that could have enabled an attacker to gain access to user's account.

In a report submitted in accordance with DJI's Bug Bounty Program, Researchers discovered that DJI's platforms used a token to identify registered users across different aspects of the customer experience, making it a target for hackers looking for ways to access accounts.

DJI consumer users who had synced their flight records, including photos, videos and flight logs to DJI's cloud servers, and DJI corporate users who used DJI FlightHub software, which includes a live camera, audio and map view, could have become vulnerable, had it not been rectified, Check Point said in a statement on Tuesday.

Check Point Researchers Rectify Vulnerability in DJI’s User Identification Process

US Air Force Requisitions Chinese Origin DJI Drones

China Rubbishes Reports of Laser Attacks from its Djibouti Base

US Marines Harrier Fighter Jet Crashes in Djibouti

Chinese Army Conducts Live-fire Exercise Using Armored Vehicles at Djibouti Base

Development Trends in Unmanned Surface Vessels

Have Iran-Israel Missile Attacks Enabled Mutual Deterrence?

Free Flight to Russian Hypersonic Missiles as America's Own Hypersonics Program Delayed to 2027

Counter-trade, Undisclosed Deals May be Masking Russia’s Arms Export Numbers

China’s “Moderate” 2024 Defense Budget Hides Frenetic Military Build-up

Battle of Counter-Drone SAMs- Raytheon's Coyote Vs. Russian Pantsir-S1