Security Flaws Created Potential For Hackers to Access DJI Drone Users’ Accounts
SAN CARLOS, Calif., Nov. 08, 2018 (GLOBE NEWSWIRE) -- Researchers at Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, and DJI, the world’s leader in civilian drones and aerial imaging technology, today shared details of a potential vulnerability that could have impacted DJI’s infrastructure, if exploited.
In a report submitted in accordance with DJI’s Bug Bounty Program, Check Point Research outlined the process by which an attacker could have gained access to a user’s account through a vulnerability discovered in the user identification process within DJI Forum, a DJI-sponsored online forum about DJI products. Check Point’s researchers discovered that DJI’s platforms used a token to identify registered users across different aspects of the customer experience, making that token a target for hackers looking for ways to access accounts.
DJI consumer users who had synced their flight records, including photos, videos and flight logs, to DJI’s cloud servers, and DJI corporate users who used DJI FlightHub software, which includes a live camera, audio and map view, could have become vulnerable. This vulnerability has since been patched and there is no evidence it was ever exploited.
“We applaud the expertise Check Point researchers demonstrated through the responsible disclosure of a potentially critical vulnerability,” said Mario Rebello, Vice President and Country Manager, North America at DJI. “This is exactly the reason DJI established our Bug Bounty Program in the first place. All technology companies understand that bolstering cyber security is a continual process that never ends. Protecting the integrity of our users’ information is a top priority for DJI, and we are committed to continued collaboration with responsible security researchers such as Check Point.”
“Given the popularity of DJI drones, it is important that potentially critical vulnerabilities like this are addressed quickly and effectively, and we applaud DJI for doing just that,” said Oded Vanunu, Head of Products Vulnerability Research at Check Point. “Following this discovery, it is important for organizations to understand that sensitive information can be used between all platforms and, if exposed on one platform, can lead to compromise of global infrastructure.”
DJI engineers reviewed the report submitted by Check Point and, in accordance with its Bug Bounty Policy, marked it as high risk/low probability. This is due to a set of preconditions that need to be met before a potential attacker could exploit it. DJI customers should always use the most current version of the DJI GO or GO 4 pilot apps.
Check Point and DJI advise all users to remain vigilant whenever exchanging information digitally. Always practice safe cyber habits when engaging with others online, and question the legitimacy of links to information seen on user forums and websites.
A full technical analysis of this vulnerability is available from the Check Point Research blog: https://research.checkpoint.com/dji-drone-vulnerability/
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cyber security solutions to governments and corporate enterprises globally. Its solutions protect customers from cyber-attacks with an industry leading catch rate of malware, ransomware and other types of attacks. Check Point offers a multilevel security architecture that defends enterprises’ cloud, network and mobile device held information, plus the most comprehensive and intuitive one point of control security management system. Check Point protects over 100,000 organizations of all sizes.
About DJI
DJI is a global leader in developing and manufacturing civilian drones and aerial imaging technology for personal and professional use. DJI was founded and is run by people with a passion for remote-controlled helicopters and experts in flight-control technology and camera stabilization. The company is dedicated to making aerial photography and filmmaking equipment and platforms more accessible, reliable and easier to use for creators and innovators around the world. DJI’s global operations currently span across the Americas, Europe and Asia, and its revolutionary products and solutions have been chosen by customers in over 100 countries for applications in filmmaking, construction, inspection, emergency response, agriculture, conservation and many other industries.