Sunday , February 28 2021

Do you have DJI drone? Your data is in danger after hacking – – Diario de Mendoza, Argentina

Disturbing vulnerability in drones DJI gives hackers full access to user accounts without anyone noticing.

Security researchers from Check the point discovered a drone DJI cloud infrastructure error in March that enabled attackers to manage user accounts and access private data such as location logs, charts, account information, and photo or video during the flight.

However, the DJI said that in September it was overwhelmed by vulnerability.

Users were spoiled by an attack by clicking on the malicious link shared by the DJI Forum, the online space created by the company for users to talk about their products.

All users who clicked on a "separate malicious link" could be the victim of the theft of their login information, which would allow the hacker to access cloud, account, store, forum, and other information.

It also provided them with access to company data FlightHub, a fleet management system DJI that stores live images.

Vulnerability has been related to authentication tokens. This allows users to move between different DJ sites without having to log in each time.

Hackers took advantage of this feature in the latest violation of Facebook data in September, ending up to 50 million user accounts.

"This is a very deep vulnerability"said WEDED for Oded Vanunu, Product Review Manager at Check Point.

DJI said Check Point reported failure through a bug-making program, and since then the company has thoroughly reviewed its software and hardware to ensure that the attack can not be replicated.

Finally, DJI engineers tagged vulnerabilities as well "high risk – low probability"because it would be difficult to spend in real life.

The DJI engineers successfully and effectively improved this vulnerability after being reported by Check Point Research.

Check Point described how attackers could access their accounts. The forum link contained an additional part of the software code.

When users clicked on that line of code, the script was silently launched to appear in the background, collecting "cookies" that contain user access tokens. This enabled hackers to circumvent additional security layers such as two-factor authentication, meaning that users would not know if the account was compromised.

Source link