DJI Patches Forum Bug That Allowed Drone Account Takeovers

Leading commercial drone maker DJI patched a cross-site scripting bug in its forums that could have allowed a hacker to hijack user accounts and gain access to sensitive online data, including flight images, bank card data, flight records and even real-time camera images.

The vulnerability is significant given DJI’s estimated 70 percent share of the commercial and consumer market, according to IDC researchers, who pointed out that “[s]ectors ranging from energy, government and public safety could potentially have their entire drone programs exposed.” Check Point publicly disclosed the bug Thursday. Researchers said they found the flaw in March. DJI said it fixed the forum vulnerability in September.

Read more about the DJI drone bug on Threatpost.




