
SoylentNews is people

posted by martyb on Friday January 26 2018, @11:45AM
from the post-secret-keys-and-you-get-forked dept.

Drone hackers/researchers can modify the firmware for DJI drones, thanks to rogue DJI developers and a fork of a public Github repo:

Github rejected a DMCA takedown request from Chinese drone-maker DJI after someone forked source code left in the open by a naughty DJI developer, The Register can reveal.

This included AES keys permitting decryption of flight control firmware, which could allow drone fliers with technical skills to remove geofencing from the flight control software: this software prevents DJI drones from flying in certain areas such as the approach paths for airports, or near government buildings deemed to be sensitive.

Though the released key is not for the latest firmware version, The Register has seen evidence (detailed below) that drone hackers are already incorporating it in modified firmware available for anyone to download and flash to their drones.

[...] In fact the people who posted the keys to DJI's kingdom, as well as source code for various projects, were DJI devs. The company said in a later statement that they were sacked.

The code was forked by drone researcher Kevin Finisterre, who submitted a successful rebuttal to the takedown request on the grounds that Github's terms and conditions explicitly permit forking of public repos.

[...] Drone hackers have already begun distributing modded firmware for DJI's popular Phantom drones, as we can see on – where else? – Github.

Previously: Man Gets Threats-Not Bug Bounty-After Finding DJI Customer Data in Public View

Related: DJI introduced new software to stop its drones from flying in restricted airspace.
Skip the Complex Tracking Software, DJI Says, and Give Drones an "Invisible" License Plate
$500 DJI Spark Drone can Take Off and Land from Your Palm
DJI Will Ground Drones If They Don't Apply a Software Update


  • (Score: 3, Interesting) by DannyB on Friday January 26 2018, @02:51PM (5 children)

    by DannyB (5839) on Friday January 26 2018, @02:51PM (#628271)

    DMCA is not a magical way to disappear things that you don't like.

    It is for copyright infringement only.

    A DMCA notice requires a signature attesting that the notice is correct under penalty of perjury.

    The perjury thing needs to be enforced. There needs to be a statutory minimum equivalent to the statutory damages for copyright infringement. (What is it now? $150,000.00?) This is reasonable, because nobody should be filing a DMCA notice unless they have a legitimate copyright complaint, just as nobody should be infringing copyright. If one is a legitimate grievance deserving a huge statutory penalty to protect people, then the other is also.

    So is the DMCA filer claiming that the posting of the source code is copyright infringement? Are they claiming that they are the copyright owner or registered agent to represent the copyright owner? Even if the source code is copyrighted and can be taken down, the public knowledge of the crypto keys is mere fact. Then we are back to arguing that certain numbers can be copyrighted.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
  • (Score: 2, Insightful) by Anonymous Coward on Friday January 26 2018, @04:06PM (4 children)

    by Anonymous Coward on Friday January 26 2018, @04:06PM (#628304)

    A DMCA notice requires a signature attesting that the notice is correct under penalty of perjury.

    No, that is not the case. The law [cornell.edu] says:

    ... A statement that the information in the notification is accurate, and under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.

    Note how the "under penalty of perjury" remark only attaches to the last bit there? Yeah. This bit has no teeth unless you are sending unauthorized DMCA notices claiming infringement of someone else's work.

    • (Score: 2) by DannyB on Friday January 26 2018, @04:57PM (3 children)

      by DannyB (5839) on Friday January 26 2018, @04:57PM (#628334)

      OK.

      So do 2 things:
      1. Actually seriously punish DMCA notices sent by someone NOT authorized to act on the copyright owner's behalf.
      2. Also seriously punish DMCA notices that do not state an actual copyright being infringed, but merely ask to have something taken down for ?reasons?

      --
      People today are educated enough to repeat what they are taught but not to question what they are taught.
      • (Score: 0) by Anonymous Coward on Friday January 26 2018, @08:38PM

        by Anonymous Coward on Friday January 26 2018, @08:38PM (#628504)

        The fix is likely trivial. But none of the congressional blowhards will create the wording, because it hurts those in their "cult" (i.e., lawyers).

        Step 1, require all DMCA notices be signed by an attorney registered to practice before the bar in the state in which they sign the notice.

        Step 2, require disbarment for any attorney who signs a DMCA notice that contains false information (where false information is further defined as most of the current requirements: must state a copyright infringement, must be authorized by the copyright holder, etc., plus include that the copying must not also be considered fair use of the material).

        Suddenly, the attorneys will be very careful that they have all their ducks in a row properly before ever signing a DMCA notice.

        But, the congressional blowhards, being lawyers themselves mostly, will never do something like this that would hurt fellow lawyers.

      • (Score: 0) by Anonymous Coward on Friday January 26 2018, @09:01PM

        by Anonymous Coward on Friday January 26 2018, @09:01PM (#628524)

        1. Actually seriously punish DMCA notices sent by someone NOT authorized to act on the copyright owner's behalf.

        Well sure, but how often does this actually happen? Why would anyone bother sending takedown notices involving a work for which they are not authorized to do so, when it is so simple to just allege infringements of your own works?

        2. Also seriously punish DMCA notices that do not state an actual copyright being infringed, but merely ask to have something taken down for ?reasons?

        But the law doesn't provide any useful mechanism to discourage this behaviour, so this would require a change to the law.

        Nevertheless, there may be other statutes that can apply in some circumstances... e.g., perhaps someone could successfully argue that repeated takedown notices made in bad faith constitute some form of harassment of the designated agent (IANAL).

      • (Score: 0) by Anonymous Coward on Friday January 26 2018, @10:42PM

        by Anonymous Coward on Friday January 26 2018, @10:42PM (#628598)

        Get rid of DMCA takedown notices and keep safe harbor. We don't need this censor-first-ask-questions-later 'compromise'. Yes, that means people would actually have to go to court and have a judge request that the content be removed. Yes, that would mean that enforcing copyrights would likely become more difficult, but we're not supposed to sacrifice justice in the name of making it easier to enforce copyright to begin with.