According to Check Point researchers, the DJI drone vulnerability allowed hackers to login to user accounts without a password. Hand-held access allows attackers to track sensitive information such as the FlightHub real-time view, the drone location, the last four digits of a credit card, and photos taken during the flight.
The approach could still grow: researchers say the FlightHub tool would still allow hackers to access other related drones and set up flight routes.
DJI used the same authentication in forums and applications
In this case, this attack became more dangerous as the DJI used the same authentication in forums and applications. "With the ecosystem in which we live today, tokens are the language you are talking about when you connect to software components," said researchers.
The DJI spokesman said that the fault was almost not used in real life and fixed the problem six months after the warning point at Check Point.
TecMundo discount coupons: