DJI fix the loophole that allowed the stealing of data from their users

The gate Arab News Technical The Gate Arab News Technical

DJI تصلح ثغرة سمحت بسرقة بيانات مستخدميها

Announced DJ ay DJI China industry UAV business and consumer for the repaired breach in its infrastructure cloud allowed the attackers to control user accounts and access to private data such as photos and videos captured by its unmanned aircraft, besides providing a loophole the hacker account information, the user’s personal and credit card details and logs the flight which contains the location data and maps, so that the hackers can access to the location of the drone in actual-time and get residents alive during the flight.

And to DJI as the largest manufacturer of drones consumer in the world, where you can take the Chinese company to nearly 70 percent of the UAV industry, business and consumer world, and reviewed their products frequently to audit by the government of the United States on concerns about privacy and security, preventing US Department of defense in the month of may, buy a UAV consumable provided by a range of vendors, including the company DJI.

And discover the researchers of security firm “Check Point” Check Point gap in March, where researchers found that they can get the access codes, which allow in turn for the users of DJI to transition smoothly between various cloud services of the company without having to log in each time via the so-called system log in the fireplace, so that an access token as a primary key for the user account fully.

Fall users fall prey to attack by clicking on the malicious link has been shared through the forum of the DJI, which is the online forum run by the company for discussions on their products, where any user transmits over the link malignant cultivated knowledge to steal your login information, giving the hackers access to cloud data and account information and the forum and other data.

Also give them access to user data from FlightHub, a management system of the aircraft DJI which stores snapshots of a live broadcast, she explained the security company that “many companies are using one-time authentication in order to create a code entry of the characteristic for the user allowing them to access different services without having to enter a user name and password all the time, but this means that we live in an age where it could become the attack target-wide solution.”

The company said DJ ay DJI’s leaders since tell her the news. check its software and its organs to ensure the non-recurrence of the attack, and identified the company’s engineers vulnerabilities as “high risk likelihood low” depending on the it difficult to implement develop a complex set of preconditions to exploit it successfully, so that the user must log in to the account of DJI’s own while you click on the link of a malignant cultivated specially in the middle of the DJI.

He said engineers of DJI corrects this gap, there is no evidence that he had been exploited by the attackers, explained the company Check Point how the attackers managed to access user accounts, which includes the link published in the forums part further includes code, when the user clicks on them, run the script in secret, in the background, which in turn collects the “cookies” that contain the Access Code of the user.

Were able to the hackers through the use of access codes that bypass the layers of additional security such as authentication, which means that users will know whether their account has been compromised or not, this issue is a concern because the UAV has a lot of information and it was possible to obtain them quite easily.

The use of drones within every thing such as military training and broadcasting of news and Field Studies, said Mario Rebello Mario Rebello, vice president of the company DJI in North America: “considering all the technology companies to enhance cyber security is a continuous process that never ends. Protect the safety of our users ‘ information is a top priority to buy the DJI, we are committed to continued collaboration with security researchers, such as Check Point”.

Retrieved DJI fix the loophole that allowed the stealing of data from their users

If you are watching what you read now, be aware that this content a user is illegally in this location, and the original position of the gate Arab News Technical

Leave a Reply

Your email address will not be published. Required fields are marked *