Thread Tools
This thread is privately moderated by Mad_angler1, who may elect to delete unwanted replies.
Jul 23, 2020, 07:16 PM
Bog Flusher Platinum Grade
Mad_angler1's Avatar
Thread OP
Alert

DJI GO 4 Data Security Issues Exposed


DJI Go 4 Security Concerns - Is It Safe ?

DJI Go 4 Security Concerns - Is It Safe ? (8 min 44 sec)


Today Synacktiv, a security and research company has released a report on their findings after taking a deep dive into the current and passed DJI Go 4 App on Android.

As part of their investigations they have highlighted some areas that raise some fairly large concerns with the potential behaviour and risk within the Go4 App.

Specially these include the facility to remotely trigger an update to the app outside of the Android Play Store safety net.

Concerns around the Weibo integration with in Go4 that could allow apps to be installed on users devices and issues with the app not closing down correctly or starting to run in the background on its own.

The information and findings of this have been backup and verified by GRIMM.

Further to this DJI have now released a statement as well questioning some of these findings as well as denying others altogether.

Users of the Android version of the app should look at the data for them selves and make up their own mind of what they feel is necessary from a safety and data security point of views.

In the attached video this is all explained in a little more detail as to what this is all about should people be interested in knowing more.



More info at the source here https://www.synacktiv.com/en/publica...-analysis.html


Last edited by Mad_angler1; Jul 24, 2020 at 10:59 AM.
Sign up now
to remove ads between posts
Aug 05, 2020, 03:03 PM
Bog Flusher Platinum Grade
Mad_angler1's Avatar
Thread OP
I just wanted to update you on the current situation with the DJI Go 4 App on Android.

Since the release of the Synacktiv report DJI got to work and updated the Go 4 App. This update was released to the public on the 31st July 2020 and I have been assured this resolves the concerns I highlighted in the report and my video.

Since then Synacktiv have made further allegations in relation to the DJI Pilot App used on DJI Enterprise models. DJI have clarified specific points raised like the apps ability to be updated outside of the play store. They have confirmed this is only possible for regions where the Goggle Play Store is not available and is not part of the app that is downloaded via the store.

Further to this Synacktiv also alleged that the same Weibo SDK that raised concerns in the Go 4 App was found in the Pilot App, DJI strongly deny this and say

“The DJI Pilot app for Android available from both the DJI website and the Google Play store do not integrate a software development kit (SDK) to connect with Weibo. This claim by Synacktiv is false. In fact, no versions of the DJI Pilot app have any function for users to share data to Weibo.”

Looking at this objectively it’s clear that the Go 4 App had what DJI have openly said were some bugs and specific features they have said were in place for specific regions, regardless of the cause or reason they have now addressed these with the latest update and the Pilot App does not contain the same issues.

What is now becoming an interesting question is who is actually funding these tests that Synacktiv are performing as that shoud also not be ignored ? A lot of this info has started to appear just as we have had new models released from both Skydio and Parrot. Is this a coincidence? Perhaps one of these two are behind the recent reports and while data privacy concerns must always be highlighted and taken extremely seriously there also has to be concern raised when false information starts getting posted among what appears to be facts as has been the case here with the Pilot App.

After all of this I have still not seen any actual evidence of DJI steeling users data as they are often accused, these issues in the Go 4 app did raise an eyebrow for sure but it should also be remembered these issues highlighted were what could be possible in the worst case scenario and not what anyone has proved has happened. All the information I have tells me these issues have now been addressed. Im pleased DJI were quick to react and that should be highlighted as it’s largely gone unnoticed.

Something else I will add is for me this was never about politics or country of origin. It was simply about the security of a users device and I would hold all companies to the same standard regardless of where their HQ is based.

More information can be founds in both DJI’s statements regarding this

Pilot App Statement

https://www.dji.com/uk/mobile/newsro...t-app-security

DJI original statement on data privacy concerns raised by Synacktiv

https://www.dji.com/uk/mobile/newsro...ty-researchers


Quick Reply
Message:
Thread Tools

Similar Threads
Category Thread Thread Starter Forum Replies Last Post
Alert DJI Statement On Reported Data Security Issue Tahoe Ed Multirotor Drone Talk 0 Nov 16, 2017 01:10 PM
Discussion Recording Telemetry Data with DJI GO app - How? MikeMSD FPV Equipment 1 Oct 30, 2015 08:04 AM
Discussion DJI 2.4G Data Link issues shawnadams Multirotor Drone Electronics 15 Apr 23, 2014 10:30 AM
For those in the US where your 4% of Social Security should go Majortomski Life, The Universe, and Politics 7 Aug 03, 2005 08:15 AM