Monday, October 7, 2024
HomeCyber Security NewsDJI Drone Can be Hacked using New Vulnerability To Steal Drone's Flight...

DJI Drone Can be Hacked using New Vulnerability To Steal Drone’s Flight logs, Photos & Videos

Published on

A Critical DJI Drone Vulnerability allows attackers to compromise the DJI Drone account and access the sensitive information including Flight logs, photos, and videos if it’s synced with DJI’s cloud servers.

DJI, a Drone manufacturer and its Drone used by many individuals and corporate for personal and commercial purpose in various sector such as agricultural, manufacturing to help them to capture images and taking video in clear viewpoint for various reasons.

According to Check Point Research, the DJI Drone Vulnerability could be exploited without users being aware of it and an attacker can access the various sensitive Drone activities data.

- Advertisement - EHA

DJI forum, Used to discuss the futures and its products is the place where the vulnerability was accessed by researchers.

An attacker can post a malicious link in the forum to let users click on it to steal their login credentials that used by users to access to other DJI online platform such as DJI’s web platform, Cloud server data, DJI’s FlightHub.

Also, this potential vulnerabilities can be exploited in all three DJI platforms including  Website, Mobile App and FlightHub.

Attack Flows

The Vulnerability provides an access to pretty sensitive Drones activities including the information associated with a DJI user’s account Flight logs, photos and videos during the Drone in the air along with living camera view and map.

DJI Drone Vulnerability Details

In order to access the Drone users accounts, Attacker mainly needs to obtain the user’s tokens, or tickets, cookies which then can be used to hijack the accounts & gain the complete control of users all the 3 platform.

The researcher found the way that attackers access via mobile platform via a request to the mobile.php URL give sensitive information such as username, member_uid, token and much more and finally they Analyzed cookies named ‘meta-key’ was the main reason to leak the user’s identification.

Later attacker sends the XSS payload that helps to send the meta-key cookie to the user’s website by just o write a simple post in the DJI forum which would contain the link to the payload.

According to Checkpoint research, Follow process are used to attacker hijacking the account.

  • First the attacker needs a meta-key and a token to replace with their own. So he sends the meta-key he wants to hack to mobile.php and receives a corresponding token.
  • The attacker then enters his credentials and a login request is sent.
  • Once a response from Step 2 is received, the attacker replaces the cookie_key value with the victim’s meta-key and his token with the token from Step 1.
  • The attacker now has full access to the victim’s account.

A Demo Video of the Attack

“Also In order to get access to the flight log files, all the attacker need do is synchronize the flight records with his phone and all flight logs which had been manually uploaded to DJI cloud servers would be saved locally on his phone. researchers said.”

Related Read

PortSmash – A New Side Channel Vulnerability in SMT/Hyper-Threading That Allows Attackers To Steal Sensitive Data

Hackers Exploit Cisco Zero Day Vulnerability in Wild Resulting in DoS Condition

Samsung & Crucial Storage Device Vulnerability Allow Attackers to Break the Password & Access the Entire Device Data

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA,...

RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files

The researcher investigated the potential security risks associated with debugging dump files in Visual...

Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been identified in the Cacti network monitoring tool that...

Microsoft & DOJ Dismantles Hundreds of Websites Used by Russian Hackers

Microsoft and the U.S. Department of Justice (DOJ) have disrupted the operations of Star...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection

Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA,...

RCE Vulnerability (CVE-2024-30052) Allow Attackers To Exploit Visual Studio via Dump Files

The researcher investigated the potential security risks associated with debugging dump files in Visual...

Cacti Network Monitoring Tool Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been identified in the Cacti network monitoring tool that...