Drone hackers/researchers can modify the firmware for DJI drones, thanks to rogue DJI developers and a fork of a public Github repo:
Github rejected a DMCA takedown request from Chinese drone-maker DJI after someone forked source code left in the open by a naughty DJI developer, The Register can reveal.
This included AES keys permitting decryption of flight control firmware, which could allow drone fliers with technical skills to remove geofencing from the flight control software: this software prevents DJI drones from flying in certain areas such as the approach paths for airports, or near government buildings deemed to be sensitive.
Though the released key is not for the latest firmware version, The Register has seen evidence (detailed below) that drone hackers are already incorporating it in modified firmware available for anyone to download and flash to their drones.
[...] In fact the people who posted the keys to DJI's kingdom, as well as source code for various projects, were DJI devs. The company said in a later statement that they were sacked.
The code was forked by drone researcher Kevin Finisterre, who submitted a successful rebuttal to the takedown request on the grounds that Github's terms and conditions explicitly permit forking of public repos.
[...] Drone hackers have already begun distributing modded firmware for DJI's popular Phantom drones, as we can see on – where else? – Github
Previously: Man Gets Threats-Not Bug Bounty-After Finding DJI Customer Data in Public View
Related: DJI introduced new software to stop its drones from flying in restricted airspace.
Skip the Complex Tracking Software, DJI Says, and Give Drones an "Invisible" License Plate
$500 DJI Spark Drone can Take Off and Land from Your Palm
DJI Will Ground Drones If They Don't Apply a Software Update
(Score: 3, Interesting) by DannyB on Friday January 26 2018, @02:51PM (5 children)
DMCA is not a magical way to disappear things that you don't like.
It is for copyright infringement only.
A DMCA notice requires a signature attesting that the notice is correct under penalty of perjury.
The perjury things needs to be enforced. There needs to be a statutory minimum equivalent to the statutory damages for copyright infringement. (What is it now? $150,000.00 ?) This is reasonable, because nobody should be filing a DMCA notice unless they have a legitimate copyright complaint, just as nobody should be infringing copyright. If one is a legitimate grievance deserving a huge statutory penalty to protect people, then the other is also.
So is the DMCA filer claiming that the posting of the source code is copyright infringement? Are they claiming that they are the copyright owner or registered agent to represent the copyright owner? Even if the source code is copyrighted and can be taken own, the public knowledge of the crypto keys are mere fact. Then we are back to arguing that certain numbers can be copyrighted.
People today are educated enough to repeat what they are taught but not to question what they are taught.
(Score: 2, Insightful) by Anonymous Coward on Friday January 26 2018, @04:06PM (4 children)
No, that is not the case. The law [cornell.edu] says:
Note how "under penalty of perjury" remark only attaches to the last bit there? Yeah. This bit has no teeth unless you are sending unauthorized DMCA notices claiming infringement of someone else's work.
(Score: 2) by DannyB on Friday January 26 2018, @04:57PM (3 children)
OK.
So do 2 things:
1. Actually seriously punish DMCA notices sent by someone NOT authorized to act on the copyright owner's behalf.
2. Also seriously punish DMCA notices that do not state an actual copyright being infringed, but merely ask to have something taken down for ?reasons?
People today are educated enough to repeat what they are taught but not to question what they are taught.
(Score: 0) by Anonymous Coward on Friday January 26 2018, @08:38PM
Step 1, require all DMCA notices be signed by an attorney registered to practice before the bar in the state in which they sign the notice
Step 2, require disbarment for any attorney who signs a DMCA notice that contains false information (where false information is further defined as most of the current requirements: must state a copyright infringement, must be authorized by the copyright holder, etc., plus include that the copying must not also be considered fair use of the material).
Suddenly, the attorneys will be very careful that they have all their ducks in a row properly before ever signing a DMCA notice.
But, the congressional blowhards, being lawyers themselves mostly, will never do something like this that would hurt fellow lawyers.
(Score: 0) by Anonymous Coward on Friday January 26 2018, @09:01PM
Well sure, but how often does this actually happen? Why would anyone bother sending takedown notices involving a work for which they are not authorized to do so, when it is so simple to just allege infringements of your own works?
But the law doesn't provide any useful mechanism to discourage this behaviour, so this would require a change to the law.
Nevertheless, there may be other statutes that can apply in some circumstances... e.g., perhaps someone could successfully argue that repeated takedown notices made in bad faith constitute some form of harassment of the designated agent (IANAL).
(Score: 0) by Anonymous Coward on Friday January 26 2018, @10:42PM
Get rid of DMCA takedown notices and keep safe harbor. We don't need this censor-first-ask-questions-later 'compromise'. Yes, that means people would actually have to go to court and have a judge request that the content be removed. Yes, that would mean that enforcing copyrights would likely become more difficult, but we're not supposed to sacrifice justice in the name of making it easier to enforce copyright to begin with.