Thursday , July 7 2022

Do you have a DJI dron? Your data is in danger after a hack – – Diario de Mendoza, Argentina


Disturbing vulnerability in unmanned aircraft DJI hackers gives full access to a user account without any warning.

Security researchers from Check Point discovered in March cloud-based infrastructure for the DJI producer DJI that allowed attackers to control user accounts and access private data such as logs to the location of the drone, maps, account information and photos or videos taken during the flight.

However, DJI said that the vulnerability was in September.

Users were victims of an attack by clicking on a malicious link shared through the DJI Forum, an online space that the company created to help users talk about their products.

Any user who clicked on a "special malicious connection" could have been the victim of theft of their login information, which would allow hackers to access cloud, account information, store, forum, and other information.

It also provided access to user data FlightHub, a DJ management system that stores live images.

Vulnerability is associated with a token for authentication. This allows users to move between different DJI locations without having to log in every time.

Hackers used this feature in the latest Facebook data breach in September, which jeopardized 50 million user accounts.

"This is a very deep vulnerability"said Oded Vanunu, head of product vulnerability research at Check Point, for VIRED.

DJI said Check Point reported a failure through its award-winning error program and since then the company has thoroughly examined its software and hardware to make sure the attack can not be replicated.

In the end, DJI engineers rated vulnerability as "high risk – low probability", because it would be difficult to perform in real life.

DJI engineers used this efficiency efficiently and effectively as they were notified by Check Point Research.

Check Point has described in detail how attackers were able to access user accounts. Link posted on forums included an additional piece of software code.

When users clicked on that line of code, the script was silenced to run in the background by collecting "cookies" that contained user token access. This has enabled hackers to circumvent additional security layers, such as dual authentication, which means users do not know if their account is compromised.

Source link