Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 17 submissions in the queue.

GitHub Rejects Drone-Maker DJI's DMCA Takedown After Encryption Keys Get Forked

posted by martyb on Friday January 26 2018, @11:45AM   Printer-friendly
from the post-secret-keys-and-you-get-forked dept.

takyon writes:

Drone hackers/researchers can modify the firmware for DJI drones, thanks to rogue DJI developers and a fork of a public Github repo:

Github rejected a DMCA takedown request from Chinese drone-maker DJI after someone forked source code left in the open by a naughty DJI developer, The Register can reveal.

This included AES keys permitting decryption of flight control firmware, which could allow drone fliers with technical skills to remove geofencing from the flight control software: this software prevents DJI drones from flying in certain areas such as the approach paths for airports, or near government buildings deemed to be sensitive.

Though the released key is not for the latest firmware version, The Register has seen evidence (detailed below) that drone hackers are already incorporating it in modified firmware available for anyone to download and flash to their drones.

[...] In fact the people who posted the keys to DJI's kingdom, as well as source code for various projects, were DJI devs. The company said in a later statement that they were sacked.

The code was forked by drone researcher Kevin Finisterre, who submitted a successful rebuttal to the takedown request on the grounds that Github's terms and conditions explicitly permit forking of public repos.

[...] Drone hackers have already begun distributing modded firmware for DJI's popular Phantom drones, as we can see on – where else? – Github

Previously: Man Gets Threats-Not Bug Bounty-After Finding DJI Customer Data in Public View

Related: DJI introduced new software to stop its drones from flying in restricted airspace.
Skip the Complex Tracking Software, DJI Says, and Give Drones an "Invisible" License Plate
$500 DJI Spark Drone can Take Off and Land from Your Palm
DJI Will Ground Drones If They Don't Apply a Software Update

Original Submission

 
This discussion has been archived. No new comments can be posted.
GitHub Rejects Drone-Maker DJI's DMCA Takedown After Encryption Keys Get Forked | Log In/Create an Account | Top | 19 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by DannyB on Friday January 26 2018, @04:57PM (3 children)

    by DannyB (5839) Subscriber Badge on Friday January 26 2018, @04:57PM (#628334) Journal

    OK.

    So do 2 things:
    1. Actually seriously punish DMCA notices sent by someone NOT authorized to act on the copyright owner's behalf.
    2. Also seriously punish DMCA notices that do not state an actual copyright being infringed, but merely ask to have something taken down for ?reasons?

    --
    To transfer files: right-click on file, pick Copy. Unplug mouse, plug mouse into other computer. Right-click, paste.
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Friday January 26 2018, @08:38PM

    by Anonymous Coward on Friday January 26 2018, @08:38PM (#628504)

    The fix is likely trivial. But none of the congressional blowhards will create the wording, because it hurts those in their "cult" (i.e., lawyers).

    Step 1, require all DMCA notices be signed by an attorney registered to practice before the bar in the state in which they sign the notice

    Step 2, require disbarment for any attorney who signs a DMCA notice that contains false information (where false information is further defined as most of the current requirements: must state a copyright infringement, must be authorized by the copyright holder, etc., plus include that the copying must not also be considered fair use of the material).

    Suddenly, the attorneys will be very careful that they have all their ducks in a row properly before ever signing a DMCA notice.

    But, the congressional blowhards, being lawyers themselves mostly, will never do something like this that would hurt fellow lawyers.

  • (Score: 0) by Anonymous Coward on Friday January 26 2018, @09:01PM

    by Anonymous Coward on Friday January 26 2018, @09:01PM (#628524)

    1. Actually seriously punish DMCA notices sent by someone NOT authorized to act on the copyright owner's behalf.

    Well sure, but how often does this actually happen? Why would anyone bother sending takedown notices involving a work for which they are not authorized to do so, when it is so simple to just allege infringements of your own works?

    2. Also seriously punish DMCA notices that do not state an actual copyright being infringed, but merely ask to have something taken down for ?reasons?

    But the law doesn't provide any useful mechanism to discourage this behaviour, so this would require a change to the law.

    Nevertheless, there may be other statutes that can apply in some circumstances... e.g., perhaps someone could successfully argue that repeated takedown notices made in bad faith constitute some form of harassment of the designated agent (IANAL).

  • (Score: 0) by Anonymous Coward on Friday January 26 2018, @10:42PM

    by Anonymous Coward on Friday January 26 2018, @10:42PM (#628598)

    Get rid of DMCA takedown notices and keep safe harbor. We don't need this censor-first-ask-questions-later 'compromise'. Yes, that means people would actually have to go to court and have a judge request that the content be removed. Yes, that would mean that enforcing copyrights would likely become more difficult, but we're not supposed to sacrifice justice in the name of making it easier to enforce copyright to begin with.