A vulnerability in DJI's systems allowed hackers to get into anyone's account without the user noticing.
Security researchers at Check Point detected deficiencies in DJI's cloud infrastructure in March that allowed attackers to take control of user accounts and access personal data, such as flight logs, maps, account information, and photos or videos recorded during flights.
However, DJI said it had fixed the vulnerability in September.
The attack compromised users through malicious links shared on the DJI Forum, which is designed for users to discuss the company's products.
Anyone who clicked on a "specially designed malicious link" could have their login details stolen, allowing hackers to access cloud data, account information, the store, the forum and other information.
They could also access user data in FlightHub, DJI's fleet management system, which stores live video.
The vulnerability is associated with authentication tokens, which allow users to move between different DJI sites without having to log in to each one separately.
Hackers used the same kind of feature in the Facebook data breach in September, which affected 50 million user accounts.
"This is a very deep vulnerability," Oded Vanunu, head of the Vulnerability Research Center at Check Point, told WIRED.
According to DJI, Check Point reported the flaw through its bug bounty program, and the company has since thoroughly reviewed its software and hardware to ensure that the attack cannot happen again.
DJI engineers ultimately classified the vulnerability as "high risk, low probability", because it would be difficult to exploit in real life.
DJI engineers effectively eliminated this vulnerability after Check Point Research reported it.
Check Point gave details of how attackers could access user accounts. The link posted on the forums included an additional piece of code.
When users followed the link, the script ran silently and collected cookies that contained the users' access tokens. This allowed hackers to bypass additional security layers, such as two-factor authentication, which means that users would not know their account had been compromised.