Authentication Flaw in DJI Drone Web App Let Attackers Gain Control

Researchers have found a critical authentication flaw in the DJI drone web app which poses a serious threat to the security of business giants and to the solo clan as well. Once exploited, the vulnerabilities discovered were reported to trigger remote hacks gaining access to DJI’s web store, synced cloud server data, and FlightHub

Security Vulnerability Found in the DJI Drone Web App

As discovered by the researchers at Check Point Research, a critical authentication flaw has existed in the DJI drone web app which when exploited allowed attackers to access targeted user’s DJI account without any alarm going off.

The security vulnerability was nestled in the authentication process of DJI which allowed the attacker to sneak around protections and get access to the victim’s account in the manner as follows – referenced from Check Point Reports

DJI uses a cookie that the attacker can obtain to identify a user and create tokens, or tickets, to access their platforms. Through the use of this cookie, an attacker is able to simply hijack any user’s account and take complete control over any of the user’s DJI Mobile Apps, Web Account or DJI FlightHub account.”

How the exploit unfolds?

To set the execution of the attack in motion is far from a complex mechanism, simply clicking on an infectious link that the attacker publishes on the DJI forum will have your account held hostage. 

The attack type is known to be a cross-site scripting attack which provides unethical access to the victim’s account from where the attackers can sneak sensitive data such as multimedia captured by the drone, its flight logs, camera view, profile information, and live map.

DJI’s take on the security crisis

A DJI which has battled with security issues lately, this time welcomed the findings by the researchers with open arms as DJI’s Mario Rebello, vice president, and the country manager was recorded saying, “We applaud the expertise Check Point researchers demonstrated through the responsible disclosure of a potentially critical vulnerability,” in a statement. He said, “This is exactly the reason DJI established our bug bounty program in the first place.”
Appropriately responding to the findings by the Check Point Reports, DJI acknowledged the escalated risk factor of the bug but also attributed low probability to the flaw easing the concerns of the users. Alongside, they also confirmed that the flaw remained unexploited. 

Leave a Reply