A Chinese developer exposed DJI’s AES private keys by posting them to GitHub in plain text, which made it easy to decrypt DJI’s encrypted flight control firmware. Once this was discovered, he was sentenced to jail and will have to pay a fine of nearly $30,000.
The Register writes that the developer’s name is Li Zhanbin. He was reportedly prosecuted in early April and sentenced to six months in jail. In addition, he’ll have to pay the previously mentioned $30,000 fine (200,000 yuan) for the damage he caused to DJI, which allegedly amounts to 1.164 million yuan, or nearly $173,000.
According to the same source, Zhanbin himself admitted that he shared four repositories named “spray-system”, “Management-platform”, “real_time_serve_v1” and “real_time_serve”. He reportedly claimed that he did it unintentionally. Still, he was dismissed from DJI in January 2018, as he wrote on Twitter and The Register reported. He was charged with infringement of trade secrets, despite claiming that he didn’t do it on purpose.
When contacted by The Register regarding the matter, a DJI spokesman reportedly didn’t have a comment. “DJI does not comment on legal matters involving current or former employees. Our company policy is that we do not discuss specific employment issues in the media,” they said. Still, whether unintentionally or on purpose, this developer made it simple to bypass geofencing and other performance restrictions, which could have led (and perhaps it did) to many malicious uses of DJI drones.
[via The Register]