Thursday, June 13, 2024

DJI Drone Can be Hacked using New Vulnerability To Steal Drone’s Flight logs, Photos & Videos

A Critical DJI Drone Vulnerability allows attackers to compromise the DJI Drone account and access the sensitive information including Flight logs, photos, and videos if it’s synced with DJI’s cloud servers.

DJI, a Drone manufacturer and its Drone used by many individuals and corporate for personal and commercial purpose in various sector such as agricultural, manufacturing to help them to capture images and taking video in clear viewpoint for various reasons.

According to Check Point Research, the DJI Drone Vulnerability could be exploited without users being aware of it and an attacker can access the various sensitive Drone activities data.

DJI forum, Used to discuss the futures and its products is the place where the vulnerability was accessed by researchers.

An attacker can post a malicious link in the forum to let users click on it to steal their login credentials that used by users to access to other DJI online platform such as DJI’s web platform, Cloud server data, DJI’s FlightHub.

Also, this potential vulnerabilities can be exploited in all three DJI platforms including  Website, Mobile App and FlightHub.

Attack Flows

The Vulnerability provides an access to pretty sensitive Drones activities including the information associated with a DJI user’s account Flight logs, photos and videos during the Drone in the air along with living camera view and map.

DJI Drone Vulnerability Details

In order to access the Drone users accounts, Attacker mainly needs to obtain the user’s tokens, or tickets, cookies which then can be used to hijack the accounts & gain the complete control of users all the 3 platform.

The researcher found the way that attackers access via mobile platform via a request to the mobile.php URL give sensitive information such as username, member_uid, token and much more and finally they Analyzed cookies named ‘meta-key’ was the main reason to leak the user’s identification.

Later attacker sends the XSS payload that helps to send the meta-key cookie to the user’s website by just o write a simple post in the DJI forum which would contain the link to the payload.

According to Checkpoint research, Follow process are used to attacker hijacking the account.

  • First the attacker needs a meta-key and a token to replace with their own. So he sends the meta-key he wants to hack to mobile.php and receives a corresponding token.
  • The attacker then enters his credentials and a login request is sent.
  • Once a response from Step 2 is received, the attacker replaces the cookie_key value with the victim’s meta-key and his token with the token from Step 1.
  • The attacker now has full access to the victim’s account.

A Demo Video of the Attack

“Also In order to get access to the flight log files, all the attacker need do is synchronize the flight records with his phone and all flight logs which had been manually uploaded to DJI cloud servers would be saved locally on his phone. researchers said.”

Related Read

PortSmash – A New Side Channel Vulnerability in SMT/Hyper-Threading That Allows Attackers To Steal Sensitive Data

Hackers Exploit Cisco Zero Day Vulnerability in Wild Resulting in DoS Condition

Samsung & Crucial Storage Device Vulnerability Allow Attackers to Break the Password & Access the Entire Device Data

Website

Latest articles

Microsoft Windows Ntqueryinformationtoken Flaw Let Attackers Escalate Privileges

Microsoft has disclosed a critical vulnerability identified as CVE-2024-30088.With a CVSS score of 8.8, this flaw affects Microsoft...

256,000+ Publicly Exposed Windows Servers Vulnerable to MSMQ RCE Flaw

Cybersecurity watchdog Shadowserver has identified 256,000+ publicly exposed servers vulnerable to a critical Remote...

Indian National Jailed For Hacked Servers Of Company That Fired Him

An Indian national was sentenced to two years and eight months in jail for...

JetBrains Warns of GitHub Plugin that Exposes Access Tokens

A critical vulnerability (CVE-2024-37051) in the JetBrains GitHub plugin for IntelliJ-based IDEs (2023.1 and...

Critical Flaw In Apple Ecosystems Let Attackers Gain Unauthorized Access

Hackers go for Apple due to its massive user base along with rich customers,...

Hackers Exploiting Linux SSH Services to Deploy Malware

SSH and RDP provide remote access to server machines (Linux and Windows respectively) for...

Firefox 127 Released With patch for 15 Vulnerabilities

Mozilla has released Firefox 127, addressing 15 security vulnerabilities, some of which have been...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles