A name from the OP days...

As seen on Slashdot
https://tech.slashdot.org/story/17/11/18/0623212/dji-threatens-researcher-who-reported-exposed-cert-key-credentials-and-customer-data

Kevin apparently found clear text keys to web servers and cloud storage in code published by DJI devs on GitHub and tried to collect bounty under DJI's bug bounty program, now DJI is claiming he is accessing their servers without authorization.

Some personal opinions follow.  Not necessarily those of LP folks in general.

Be aware that now days DJI quads require draconian log ins.  They know everything about all your hardware and flights.  There was an uproar when DJI decided to require everyone to upgrade firmware or get bricked.  I personally have some Naza controllers that fly just fine on firmware version 4.02 and I will never upgrade them or even let the app phone home.

In case you didn't know it and might wonder about your info passing outside your country, DJI is a Chinese company.  Info they have access to apparently includes flight logs, videos, locations, hardware you own, registration, certs that may be required...  So don't fly around or video anything that should be kept from public view; especially since these keys are in the open now.
« Last Edit: November 19, 2017, 05:55:27 am by TheOtherCliff »

Rick~K

  • *
  • 12
  • fossil from the OP days
Interesting read, if anyone could have found it it would have been Kevin. That guy IS one of the "sharpest tools in the shed".