SoylentNews

takyon [soylentnews.org] writes:

Drone hackers/researchers can modify the firmware for DJI drones, thanks to rogue DJI developers and a fork of a public Github repo [theregister.co.uk]:

Github rejected a DMCA takedown request from Chinese drone-maker DJI after someone forked source code left in the open by a naughty DJI developer, The Register can reveal.

This included AES keys permitting decryption of flight control firmware, which could allow drone fliers with technical skills to remove geofencing from the flight control software: this software prevents DJI drones from flying in certain areas such as the approach paths for airports, or near government buildings deemed to be sensitive.

Though the released key is not for the latest firmware version, The Register has seen evidence (detailed below) that drone hackers are already incorporating it in modified firmware available for anyone to download and flash to their drones.

[...] In fact the people who posted the keys to DJI's kingdom, as well as source code for various projects, were DJI devs. The company said in a later statement that they were sacked.

The code was forked by drone researcher Kevin Finisterre, who submitted a successful rebuttal to the takedown request [github.com] on the grounds that Github's terms and conditions explicitly permit forking of public repos.

[...] Drone hackers have already begun distributing modded firmware for DJI's popular Phantom drones, as we can see [github.com] on – where else? – Github

Previously: Man Gets Threats-Not Bug Bounty-After Finding DJI Customer Data in Public View [soylentnews.org]

Related: DJI introduced new software to stop its drones from flying in restricted airspace. [soylentnews.org]
Skip the Complex Tracking Software, DJI Says, and Give Drones an "Invisible" License Plate [soylentnews.org]
$500 DJI Spark Drone can Take Off and Land from Your Palm [soylentnews.org]
DJI Will Ground Drones If They Don't Apply a Software Update [soylentnews.org]

Original Submission