DJI Bug Bounty program offers rewards for finding security issues

Bruno Cirelli
August 29, 2017

"Security researchers, academic scholars and independent experts often provide a valuable service by analyzing the code in DJI's apps and other software products and bringing concerns to public attention", DJI Director of Technical Standards Walter Stockwell said in the statement.

The company's new bug bounty program will offer financial rewards ranging from $100 to $30,000, depending on the severity of the vulnerability.

"DJI wants to learn from their experiences as we constantly strive to improve our products, and we are willing to pay rewards for the discoveries they make", Stockwell said.

Earlier this month, the US Army issued an internal memo effectively banning the use of DJI products "due to increased awareness of cybersecurity vulnerabilities".

The DJI Threat Identification Reward Program is part of a renewed focus on addressing concerns about DJI product security, including new efforts to partner with security researchers and academics who have a common goal of trying to improve the security and stability of DJI products. A dedicated website is now under development where you will be able to report potential threats, but in the meantime you can direct your findings to "We value input from researchers into our products who believe in our mission to enable customers to use DJI products that are stable, reliable and trustworthy".

DJI says this program was created to identify threats to users' private data, videos, and logs.

DJI wants security researchers to turn their attention to its software and drones and will pay for discovered bugs or exploits.

"DJI did not authorize or condone either the collection or transmission of this data, and DJI never accessed this data", the company said in a blog post.

The company is also pulling two other plugins, jsPatch and Tinker, that let DJI deliver small updates without replacing an entire app. It could also have to do with issues that may cause an app to crash or affect flight safety, such as geofencing restrictions, flight altitude limits, and so forth.

Bending to public pressure as more and more drone hackers break into their kit, Chinese firm DJI has now announced a bug bounty program. "We showed them a great deal of security flaws in their products already, and they did not care about bugs, only those bugs/exploits which changed the app behaviour in ways users wanted the app to be".
