Tuesday, February 7, 2023

DJI flaw allowed hackers to spy on users


According to Check Point researchers, the DJI drone vulnerability allowed hackers to log in to user accounts without a password. With that access in hand, attackers could view sensitive information such as the FlightHub real-time view, the drone location, the last four digits of a credit card, and photos taken during the flight.

The attack could go further still: researchers say the FlightHub tool would also allow hackers to access other related drones and set up flight routes.

DJI used the same authentication in forums and applications

Researchers say the fault lies in the password protection for the DJI forum and in how the company authenticates these accounts. On DJI.com, researchers were able to find an opening that allowed JavaScript to be embedded. From that moment on, it was possible to create a malicious link that took the data and sent it to another server, including the ability to capture the tokens.

In this case, the attack became more dangerous because DJI used the same authentication in forums and applications. "With the ecosystem in which we live today, tokens are the language you are talking about when you connect to software components," the researchers said.
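One way to limit the damage when a single token is accepted everywhere is to bind each token to the one service it was issued for. The sketch below is an added example, not DJI's or Check Point's code and not a description of DJI's actual fix; the HMAC token format, the `aud` claim and the service names `forum` and `flighthub` are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key (one shared key for brevity); a real service loads it from a secret store.
SIGNING_KEY = b"demo-key-not-a-real-secret"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(body: str) -> str:
    return _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())

def issue_token(user: str, audience: str, ttl: int = 900, now=None) -> str:
    """Sign a short-lived token that names the single service it is valid for."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user, "aud": audience, "exp": now + ttl}
    body = _b64(json.dumps(claims).encode())
    return f"{body}.{_sign(body)}"

def verify_token(token: str, expected_audience: str, now=None):
    """Return the claims if authentic, unexpired and meant for this service; else None."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(body)):
            return None  # signature mismatch: forged or altered token
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return None  # malformed token
    if claims.get("aud") != expected_audience:
        return None  # token was issued for a different service
    if claims.get("exp", 0) <= now:
        return None  # token has expired
    return claims

if __name__ == "__main__":
    # Hypothetical user and service names.
    forum_token = issue_token("pilot@example.com", "forum")
    print("forum accepts:", verify_token(forum_token, "forum") is not None)
    print("flighthub accepts:", verify_token(forum_token, "flighthub") is not None)
```

With this check in place, a token captured from the forum is rejected by the application back end, so a flaw in one site does not by itself open every other service.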

The DJI spokesman said that the flaw was almost never exploited in real life and that the company fixed the problem six months after the warning from Check Point.
