SoylentNews is people

posted by martyb on Friday January 26 2018, @11:45AM
from the post-secret-keys-and-you-get-forked dept.

Drone hackers/researchers can modify the firmware for DJI drones, thanks to rogue DJI developers and a fork of a public Github repo:

Github rejected a DMCA takedown request from Chinese drone-maker DJI after someone forked source code left in the open by a naughty DJI developer, The Register can reveal.

This included AES keys permitting decryption of flight control firmware, which could allow drone fliers with technical skills to remove geofencing from the flight control software: this software prevents DJI drones from flying in certain areas such as the approach paths for airports, or near government buildings deemed to be sensitive.

Though the released key is not for the latest firmware version, The Register has seen evidence (detailed below) that drone hackers are already incorporating it in modified firmware available for anyone to download and flash to their drones.

[...] In fact the people who posted the keys to DJI's kingdom, as well as source code for various projects, were DJI devs. The company said in a later statement that they were sacked.

The code was forked by drone researcher Kevin Finisterre, who submitted a successful rebuttal to the takedown request on the grounds that Github's terms and conditions explicitly permit forking of public repos.

[...] Drone hackers have already begun distributing modded firmware for DJI's popular Phantom drones, as we can see on – where else? – Github

Previously: Man Gets Threats-Not Bug Bounty-After Finding DJI Customer Data in Public View

Related: DJI introduced new software to stop its drones from flying in restricted airspace.
Skip the Complex Tracking Software, DJI Says, and Give Drones an "Invisible" License Plate
$500 DJI Spark Drone can Take Off and Land from Your Palm
DJI Will Ground Drones If They Don't Apply a Software Update


  • (Score: 2, Interesting) by Anonymous Coward on Friday January 26 2018, @12:42PM (8 children)

    by Anonymous Coward on Friday January 26 2018, @12:42PM (#628232)

    Good!, I say.

    If the story from the article is true (we only know one side, so far ...), I do not condone AT ALL what those DJI devs did. It was probably illegal, and IMNSHO it was morally wrong. In a just world, the results of these acts *would* be undone; the reality of the Streisand effect notwithstanding.

    But no result ever justifies the methods.

    The DMCA was not violated here (at least not by the forker), so it does not apply. The DMCA is not a magic content removal tool (no matter how your MAFIAA pals are spinning their story at business lunches). In fact, there is *no* magic content removal tool. And for very good reason. Your code's out now, and there's nothing you can do about it.

    So, *IF* those two developers did it on purpose (and not through a foolhardy setup of yours that was only waiting for a trivial mistake to be made): be my guest, fuck them sideways. But apart from that, we the world are not obliged to be nice to you now - we're only obliged to obey the law. Which was done here. You were wronged, but you have no recourse. So go home, and cry a little, and next time have better work processes to prevent this shit.

    On the other hand, knowing how this stuff works, those two developers are most likely just the fall guys. The real culprit is a manager three levels above, who has been ignoring their pleas on preventing this for years, just so that his own bottom line looks a little better. Hey, win-win-win-win now! Money was saved, whiney deceiving assholes are gone, will be replaced by proper little shut-up-ing blame-takers now, heroic manager to the rescue. Please excuse me while using my barfbag.

  • (Score: 0) by Anonymous Coward on Friday January 26 2018, @01:20PM (7 children)

    by Anonymous Coward on Friday January 26 2018, @01:20PM (#628247)

    It was probably illegal, and IMNSHO it was morally wrong.

    No. It should all be free software and 100% controlled by the user. Short of that, making it easier for people to hack their own drones is a good thing, not a morally wrong thing.

    • (Score: 1, Interesting) by Anonymous Coward on Friday January 26 2018, @02:12PM (6 children)

      by Anonymous Coward on Friday January 26 2018, @02:12PM (#628260)

      In philosophical principle, that software should have been free, yes, I'm with you on that.

      But those two developers had a contract with their employer. I'll bet you that this contract contained wording about confidentiality. Which they agreed to by signing the contract. And then they broke that promise.

      In my opinion, promising something and then doing the opposite is morally wrong (plusminus a few corner cases where you were not in full possession of the facts during the promise).

      If such behaviour were _intentional_, i.e. the breaking of the promise was already planned while giving it, then it's not only morally wrong but also antisocial.

      Accepting that "the ends justify the means" has always been a prime road into tyranny and murder, for societies as well as individuals.

      • (Score: 0) by Anonymous Coward on Friday January 26 2018, @03:12PM (1 child)

        by Anonymous Coward on Friday January 26 2018, @03:12PM (#628273)

        Tell that to Snowden etc.

        • (Score: 1, Insightful) by Anonymous Coward on Friday January 26 2018, @04:41PM

          by Anonymous Coward on Friday January 26 2018, @04:41PM (#628318)

          Actually he was acting in *exactly* one of those corner cases which I exempted.

          Are you trying to tell me that you consider "the US secretly and forcibly spying on the whole world, with the implied goal of more easily bending everybody's actions to US will" to be in the same league as "DJI won't give the firmware sourcecode which they created at their own expense"?

          If you always wanted sourcecode for the firmware, why did you buy DJI crap in the first place?

      • (Score: 0) by Anonymous Coward on Friday January 26 2018, @05:00PM (1 child)

        by Anonymous Coward on Friday January 26 2018, @05:00PM (#628336)

        the war for control of skynet is a war for the future of humanity. even using violence is ok.

        • (Score: 0) by Anonymous Coward on Friday January 26 2018, @06:12PM

          by Anonymous Coward on Friday January 26 2018, @06:12PM (#628380)

          Ugh, that is some horrible bit of social programming there. Hoping to turn some unbalanced techies into your toy soldier anarchists?

      • (Score: 0) by Anonymous Coward on Friday January 26 2018, @09:47PM (1 child)

        by Anonymous Coward on Friday January 26 2018, @09:47PM (#628552)

        But those two developers had a contract with their employer.

        Violating contracts can be perfectly justifiable, and I say it would be in a case like this. Same for NDAs in general. I don't think they should even be enforceable.

        In my opinion, promising something and then doing the opposite is morally wrong

        Making a "promise" to employers who hold power over you and then breaking it is not necessarily wrong. Most of these contracts are unjust.

        Accepting that "the ends justify the means" has always been a prime road into tyranny and murder, for societies as well as individuals.

        The ends do sometimes justify the means, particularly when the means are not actually bad, like in this case. No, this will not lead to tyranny and murder.

        • (Score: 0) by Anonymous Coward on Saturday January 27 2018, @07:40AM

          by Anonymous Coward on Saturday January 27 2018, @07:40AM (#628749)

          Your idea that "I am right and they are wrong. Therefore my actions cannot be wrong, even if they hurt them" is exactly what I am talking about.

          So let me get personal for the first time:
          With this basic idea, you are putting yourself in the footsteps of the likes of Mao, Stalin, McCarthy, the "only-a-dead-readskin-..." crowd and lots of smaller assholes that were fought and later reviled throughout human history.

          Since you are a believer in your being an ubermensch (deciding about good and bad according to your own, blatantly self-serving opinion), I'll stop trying to have a rational discussion now. I just hope, for all people around you, that you never, ever get into a position of power, no matter how small.