10 Nov Security Issue on Drone Maker’s Website Exposes Accounts, Drone Live Feeds
According to researchers at Check Point, drone maker DJI recently fixed a security bug on their website and app that had existed for six-months.
The researchers said that the flaw would have granted hackers complete access to the data in DJI’s cloud storage which may contain drone logs, maps and even live video footage.
However, Check Point said that for the attack to work, a victim would have had to click on a malicious link from the DJI Forum to exploit a cross-site scripting (XSS) flaw. The attacker would then have to steal the user’s account access token to gain access the user’s main account.