Chinese developer arrested after compromising every single drone by ‘accidentally’ posting DJI’s private keys on Github

Apr 30, 2019

Dunja Djudjic

Dunja Djudjic is a multi-talented artist based in Novi Sad, Serbia. With 15 years of experience as a photographer, she specializes in capturing the beauty of nature, travel, and fine art. In addition to her photography, Dunja also expresses her creativity through writing, embroidery, and jewelry making.

Chinese developer arrested after compromising every single drone by ‘accidentally’ posting DJI’s private keys on Github

Apr 30, 2019

Dunja Djudjic

Dunja Djudjic is a multi-talented artist based in Novi Sad, Serbia. With 15 years of experience as a photographer, she specializes in capturing the beauty of nature, travel, and fine art. In addition to her photography, Dunja also expresses her creativity through writing, embroidery, and jewelry making.

Join the Discussion

Share on:

A Chinese developer has exposed DJI’s AES private keys by posting them onto Github in plain text. By doing this, he made it easy to decrypt DJI’s encrypted flight control firmware. So, when it was discovered, it sent the man to jail and he’ll have to pay a fine of nearly $30,000.

The Register writes that the developer’s name is Li Zhanbin. He was reportedly prosecuted in early April and sentenced to six months in jail. In addition, he’ll have to pay the previously mentioned $30,000 fine (200,000 yuan) for the damage he caused to DJI, which is allegedly 1,164 million yuan or nearly $173,000.

According to the same source, Zhanbin admitted himself that he shared four repositories named “spray-system”, “Management-platform”, “real_time_serve_v1” and “real_time_serve”. He reportedly claimed that he did it unintentionally. Still, he was dismissed from DJI in January 2018, as he wrote on Twitter and The Register reported. He was charged with infringement of trade secrets, despite claiming that he didn’t do it on purpose.

When contacted by The Register regarding the matter, a DJI spokesman reportedly didn’t have a comment. “DJI does not comment on legal matters involving current or former employees. Our company policy is that we do not discuss specific employment issues in the media,” they said. Still unintentionally or on purpose, this developer made it simple to bypass geofencing and other performance restrictions, which could have led (and perhaps id did) to many malicious uses of DJI drones.

[via The Register]

Filed Under:

Tagged With:

Find this interesting? Share it with your friends!

Dunja Djudjic

Dunja Djudjic

Dunja Djudjic is a multi-talented artist based in Novi Sad, Serbia. With 15 years of experience as a photographer, she specializes in capturing the beauty of nature, travel, and fine art. In addition to her photography, Dunja also expresses her creativity through writing, embroidery, and jewelry making.

Join the Discussion

DIYP Comment Policy
Be nice, be on-topic, no personal information or flames.

Leave a Reply

Your email address will not be published. Required fields are marked *

7 responses to “Chinese developer arrested after compromising every single drone by ‘accidentally’ posting DJI’s private keys on Github”

  1. Nelson Chua Avatar
    Nelson Chua

    Not sure how much **damage** this caused DJI considering they’d been releasing flaky software starting from the early years to the present AND likely been snooping on end users ditto.

    1. MysterySheepdog Avatar
      MysterySheepdog

      Sadly, I agree.

  2. The Guy Named Chris Avatar
    The Guy Named Chris

    I wonder if no limit drones made use of these in their app that removes flight restrictions on the M2P and M2Z. I like the drone, but not the way that the restrictions are implemented.

  3. MysterySheepdog Avatar
    MysterySheepdog

    My brand new Mavic Air isn’t nearly as fun as my Phantom 3 was.
    So DJI I am a bit disappointed in you, and that Mavic cost me twice as much too.

    1. Riley Avatar
      Riley

      Well that’s a given. the reason why I switched from phantom 3 was because it was to big to carry around. So I wanted something smaller. if you want something don’t do mavic air or spark do mavicpro and up.

    2. Mr Nobody Avatar
      Mr Nobody

      Just turn on the Sports mode. You’re welcome

  4. Alan Avatar
    Alan

    Erm, does this mean we’ll be seeing the means to get rid of the silly range restrictions? Asking for a friend.