DIY Photography

Your one stop shop for everything photo-video

  • News
  • Inspiration
  • Reviews
  • Tutorials
  • DIY
  • Gear
Search

Submit A Story

DJI offer $30,000 bounty to hack its products and find security threats

Aug 29, 2017 by John Aldred Add Comment

  • Share
  • Tweet
  • Flipboard
  • WhatsApp

Well, I guess now we know why the US Army pulled all of its DJI products from service. DJI have removed the JPush plugin from the DJI Go and DJI Go 4 apps. It turns out that it had been collecting user data without its knowledge. Not without the user’s knowledge, without DJI’s knowledge. DJI blame the third party developer who created the JPush plugin.

The Verge reports that JPush wouldn’t have needed to collect a lot of  data to do its job. But DJI say the app actually collected personal information, including a list of apps installed on the user’s Android device. In addition to this update, they’ve also announced a bug bounty programme rewarding up to $30,000 for those who can find exploits in their systems.

The JPush plugin was designed to provide smooth delivery of push notifications to Android devices once videos had completed the upload to DJO’s branded photo & video sharing platform, Skypixel. But it was doing far more than that, recording and reporting back personal information.

Many balked when DJI recently announced “Local Mode” that will let you fly your drone without Internet data on your mobile device. This seems to justify those privacy concerns. It’s obviously something that DJI are taking very seriously. Whether or not this particular issue is what the US Army declared as “Cyber Vulnerabilities” three weeks ago is unclear, but it would explain the move.

DJI have also removed its “hot-patching” plugins, jsPatch for iOS and Tinker for Android. These let the DJI update elements of their drone apps without having to update the entire app.

While DJI blame the third party company who maintain the plugin for the issue, it is ultimately their responsibility. They really should check the systems they distribute through their own platform. But, it is nice to see them taking things seriously enough to offer a bounty for those that can identify security issues and exploits within their system.

[via The Verge]

FIND THIS INTERESTING? SHARE IT WITH YOUR FRIENDS!

  • Share
  • Tweet
  • Flipboard
  • WhatsApp

Related posts:

Biker shooting a 20 stairs BMX jump confronts security and removes security cart (with guard) from road Hacker Uses Photographs To Hack German Defense Minister’s Fingerprints. Brings Attention To Security Failures Huntress Receives Death Threats After a Photo of Her Smiling Next to a Dead Giraffe Goes Viral Photographer Receives Death Threats After Sharing a Gay Pride Re-creation of Historic Photo

Filed Under: news Tagged With: dji, DJI Go, DJI Go 4, drones, security

John Aldred: from diyphotography.net

About John Aldred

John Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter - and occasional beta tester - of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.

« The first review of the Godox A1 mobile phone flash trigger is out, and it looks quite good
How to turn smoke into low lying fog for your next spooky photo shoot »

Submit A Story

Get our FREE Lighting Book

DIYP lighting book cover

* download requires newsletter signup

Recent Comments

Free Resources

Advanced lighting book

Learn photography

Recent Posts

  • This year’s Nature TTL POTY winner puts global warming right in our faces
  • TTArtisan announces super-low-budget 500mm f/6.3 super telephoto lens
  • NASA reveals five photos of space objects invisible to human eye
  • Tamron’s 17-50mm f/4 Di III VXD lens ships in October
  • Facebook now lets you (legally) have multiple profiles

Udi Tirosh: from diyphotography.netUdi Tirosh is an entrepreneur, photography inventor, journalist, educator, and writer based in Israel. With over 25 years of experience in the photo-video industry, Udi has built and sold several photography-related brands. Udi has a double degree in mass media communications and computer science.

Alex Baker: from diyphotography.netAlex Baker is a portrait and lifestyle driven photographer based in Valencia, Spain. She works on a range of projects from commercial to fine art and has had work featured in publications such as The Daily Mail, Conde Nast Traveller and El Mundo, and has exhibited work across Europe

David Williams: from diyphotography.netDave Williams is an accomplished travel photographer, writer, and best-selling author from the UK. He is also a photography educator and published Aurora expert. Dave has traveled extensively in recent years, capturing stunning images from around the world in a modified van. His work has been featured in various publications and he has worked with notable brands such as Skoda, EE, Boeing, Huawei, Microsoft, BMW, Conde Nast, Electronic Arts, Discovery, BBC, The Guardian, ESPN, NBC, and many others.

John Aldred: from diyphotography.netJohn Aldred is a photographer with over 20 years of experience in the portrait and commercial worlds. He is based in Scotland and has been an early adopter - and occasional beta tester - of almost every digital imaging technology in that time. As well as his creative visual work, John uses 3D printing, electronics and programming to create his own photography and filmmaking tools and consults for a number of brands across the industry.

Dunja Djudjic: from diyphotography.netDunja Djudjic is a multi-talented artist based in Novi Sad, Serbia. With 15 years of experience as a photographer, she specializes in capturing the beauty of nature, travel, and fine art. In addition to her photography, Dunja also expresses her creativity through writing, embroidery, and jewelry making.

Copyright © DIYPhotography 2006 - 2023 | About | Contact | Advertise | Write for DIYP | Full Disclosure | Privacy Policy