If You’re a Hacker, DJI Might Want Your Services
What does DJI and hackers have in common? Now before you get the idea that the world’s leading consumer drone brand has suddenly gone shady, rest be assured that it’s nothing close to being illegal. DJI is currently seeking hackers and security consultants for its “Bug Bounty” program which is aimed at weeding out security vulnerabilities in the software used in its products.
The program comes in the wake of recent security concerns relating to DJI products that have made headlines with the most high profile one involving the US Army which grounded all DJI drones that are used in its operations. These concerns are quite justified considering that DJI drones are known to have “hot patching” issues in their firmware which allows them to be updated without users’ approval or knowledge. Such vulnerabilities could lead to DJI drones being hijacked for snooping or illegal data gathering by hackers.
As if that wasn’t enough to scare DJI owners, some quarters have started raising questions about how much data that DJI itself is gathering from the drones it sells — a concern that DJI has been swift to shoot down as unfounded. The company has since been steadfast in denying claims that it gathers more data than it should be gathering.
To ease fears of data privacy issues with its products, DJI recently introduced a “silent mode” feature which allows users to prevent their DJI drones from transmitting any data to wireless networks during flights. Its most recent initiative — Bug Bounty — is seen as a move to reinforce consumer confidence in its products by roping in security consultants and hackers to help make them more robust and secure.
Bugs and security vulnerabilities in DJI products can now be reported to firstname.lastname@example.org and rewards will be determined based on the severity of the detected vulnerability. This could be anywhere between $100 and $30,000.
In the past, DJI has had a reputation of not formally cooperating with individuals or parties who seek to expose issues in DJI software or improve it through reverse engineering. Some have resorted to publishing their findings or hacks on various platforms such as online forums. With the launch of Bug Bounty, DJI is finally coming to terms that it needs to exist and cooperate with the hacker community to help improve its products and reputation.