{"id":558801,"date":"2023-03-03T00:33:04","date_gmt":"2023-03-02T21:33:04","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/security-vulnerabilities-detected-in-drones-made-by-dji\/"},"modified":"2023-03-03T00:33:04","modified_gmt":"2023-03-02T21:33:04","slug":"security-vulnerabilities-detected-in-drones-made-by-dji","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/security-vulnerabilities-detected-in-drones-made-by-dji\/","title":{"rendered":"Security vulnerabilities detected in drones made by DJI"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9CSecurity_vulnerabilities_detected_in_drones_made_by_DJI%E2%80%9D\"><\/span>&#8220;Security vulnerabilities detected in drones made by DJI&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div>\n<div class=\"article-gallery lightGallery\">\n<div data-thumb=\"https:\/\/scx1.b-cdn.net\/csz\/news\/tmb\/2023\/security-vulnerabiliti.jpg\" data-src=\"https:\/\/scx2.b-cdn.net\/gfx\/news\/hires\/2023\/security-vulnerabiliti.jpg\" data-sub-html=\"The security of drones was already the subject of Nico Schiller's master's thesis at Ruhr University Bochum. He is currently researching this topic for his doctorate. 
Credit: RUB, Marquard\">\n<figure class=\"article-img\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/scx1.b-cdn.net\/csz\/news\/800a\/2023\/security-vulnerabiliti.jpg\" alt=\"Security vulnerabilities detected in drones made by DJI\" title=\"The security of drones was already the subject of Nico Schiller's master's thesis at Ruhr University Bochum. He is currently researching this topic for his doctorate. Credit: RUB, Marquard\" width=\"800\" height=\"530\"\/><figcaption class=\"text-darken text-low-up text-truncate-js text-truncate mt-3\">\n                The security of drones was already the subject of Nico Schiller&#8217;s master&#8217;s thesis at Ruhr University Bochum. He is currently researching this topic for his doctorate. Credit: RUB, Marquard<br \/>\n            <\/figcaption><\/figure>\n<\/div>\n<\/div>\n<p>Researchers from Bochum and Saarbr\u00fccken have detected security vulnerabilities, some of them serious, in several drones made by the manufacturer DJI. These enable users, for example, to change a drone&#8217;s serial number or override the mechanisms that allow security authorities to track the drones and their pilots. In special attack scenarios, the drones can even be brought down remotely in flight.<\/p>\n<p>The team headed by Nico Schiller of the Horst G\u00f6rtz Institute for IT Security at Ruhr University Bochum, Germany, and Professor Thorsten Holz, formerly in Bochum, now at the CISPA Helmholtz Center for Information Security in Saarbr\u00fccken, will present their findings at the Network and Distributed System Security Symposium (NDSS). 
The conference will take place from February 27 to March 3 in San Diego, USA.<\/p>\n<p>The researchers informed DJI of the 16 detected vulnerabilities prior to releasing the information to the public; the manufacturer has taken steps towards fixing them.\n<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Four_models_put_to_the_test\"><\/span>Four models put to the test<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The team tested three DJI drones of different categories: the small DJI Mini 2, the medium-sized Air 2, and the large Mavic 2. Later, the IT experts reproduced the results for the newer Mavic 3 model as well. They fed the drones&#8217; hardware and firmware a large number of random inputs and checked which ones caused the drones to crash or made unwanted changes to the drone data such as the serial number\u2014a method known as fuzzing. To this end, they first had to develop a new algorithm.<\/p>\n<p>&#8220;We often have the entire firmware of a device available for the purpose of fuzzing. Here, however, this was not the case,&#8221; says Nico Schiller. Because DJI drones are relatively complex devices, the fuzzing had to be performed in the live system. &#8220;After connecting the drone to a laptop, we first looked at how we could communicate with it and which interfaces were available to us for this purpose,&#8221; says the researcher from Bochum. It turned out that most of the communication is done via the same protocol, called DUML, which sends commands to the drone in packets.\n<\/p>\n<div class=\"article-gallery lightGallery\">\n<div data-thumb=\"https:\/\/scx1.b-cdn.net\/csz\/news\/tmb\/2023\/security-vulnerabiliti-1.jpg\" data-src=\"https:\/\/scx2.b-cdn.net\/gfx\/news\/hires\/2023\/security-vulnerabiliti-1.jpg\" data-sub-html=\"The researchers looked for security gaps in the firmware and scrutinized the inner workings of the drones. 
Credit: RUB, Marquard\">\n<figure class=\"article-img text-center\"><img decoding=\"async\" src=\"https:\/\/scx1.b-cdn.net\/csz\/news\/800a\/2023\/security-vulnerabiliti-1.jpg\" alt=\"Security vulnerabilities detected in drones made by DJI\" title=\"The researchers looked for security gaps in the firmware and scrutinized the inner workings of the drones. Credit: RUB, Marquard\"\/><figcaption class=\"text-left text-darken text-truncate text-low-up mt-3\">\n                The researchers looked for security gaps in the firmware and scrutinized the inner workings of the drones. Credit: RUB, Marquard<br \/>\n            <\/figcaption><\/figure>\n<\/div>\n<\/div>\n<h2><span class=\"ez-toc-section\" id=\"Four_severe_errors\"><\/span>Four severe errors<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The fuzzer developed by the research group thus generated DUML data packets, sent them to the drone and evaluated which inputs caused the drone&#8217;s software to crash. Such a crash indicates an error in the programming. &#8220;However, not all security gaps resulted in a crash,&#8221; says Thorsten Holz. &#8220;Some errors led to changes in data such as the serial number.&#8221;<\/p>\n<p>To detect such logical vulnerabilities, the team paired the drone with a mobile phone running the DJI app. They could thus periodically check the app to see if fuzzing was changing the state of the drone.<\/p>\n<p>All of the four tested models were found to have security vulnerabilities. In total, the researchers documented 16 vulnerabilities. The DJI Mini 2, Mavic Air 2 and Mavic 3 models had four serious flaws. 
For one, these bugs allowed an attacker to gain extended access rights in the system.<\/p>\n<p>&#8220;An attacker can thus change log data or the serial number and disguise their identity,&#8221; explains Thorsten Holz. &#8220;Plus, while DJI does take precautions to prevent drones from flying over airports or other restricted areas such as prisons, these mechanisms could also be overridden.&#8221; Furthermore, the group was able to crash the flying drones mid-air.<\/p>\n<p>In future studies, the Bochum-Saarbr\u00fccken team intends to test the security of other drone models as well.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Location_data_is_transmitted_unencrypted\"><\/span>Location data is transmitted unencrypted<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>In addition, the researchers examined the protocol used by DJI drones to transmit the location of the drone and its pilot so that authorized bodies\u2014such as security authorities or operators of critical infrastructure\u2014can access it.<\/p>\n<p>By reverse engineering DJI&#8217;s firmware and the radio signals emitted by the drones, the research team was able to document the tracking protocol called &#8220;DroneID&#8221; for the first time. 
&#8220;We showed that the transmitted data is not encrypted, and that practically anyone can read the location of the pilot and the drone with relatively simple methods,&#8221; concludes Nico Schiller.\n                                                                                                                            <\/p>\n<div class=\"article-main__more p-4\">\n<p><strong>More information:<\/strong><br \/>\n                                                Paper: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.ndss-symposium.org\/ndss-paper\/drone-security-and-the-mysterious-case-of-djis-droneid\/\">www.ndss-symposium.org\/ndss-pa \u2026 ase-of-djis-droneid\/<\/a><\/p>\n<p>Conference: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.ndss-symposium.org\/\">www.ndss-symposium.org\/<\/a><\/p>\n<\/div>\n<div class=\"d-inline-block text-medium my-4\">\n                                                Provided by<br \/>\n                                                                                                    Ruhr-Universitaet-Bochum<br \/>\n                                                                                                        <a rel=\"nofollow noopener\" target=\"_blank\" class=\"icon_open\" href=\"http:\/\/www.ruhr-uni-bochum.de\/index_en.htm\"><br \/>\n                                                        <svg><use href=\"https:\/\/techx.b-cdn.net\/tmpl\/v2\/img\/svg\/sprite.svg#icon_open\" x=\"0\" y=\"0\"\/><\/svg><\/a><\/p><\/div>\n<p>                                        <!-- print only --><\/p>\n<div class=\"d-none d-print-block\">\n<p>\n                                                <strong>Citation<\/strong>:<br \/>\n                                                Security vulnerabilities detected in drones made by DJI (2023, March 2)<br \/>\n                                                retrieved 2 March 2023<br \/>\n                                                from 
https:\/\/techxplore.com\/news\/2023-03-vulnerabilities-drones-dji.html<\/p>\n<p>                                            This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no<br \/>\n                                            part may be reproduced without the written permission. The content is provided for information purposes only.<\/p><\/div>\n<\/p><\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/techxplore.com\/news\/2023-03-vulnerabilities-drones-dji.html\" target=\"_blank\" 
rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Security vulnerabilities detected in drones made by DJI&#8221; The security of drones was already the subject of Nico Schiller&#8217;s master&#8217;s thesis at Ruhr University Bochum. He is currently researching this topic for his doctorate. Credit: RUB, Marquard Researchers from Bochum and Saarbr\u00fccken have detected security vulnerabilities, some of them serious, in several drones made by&#8230;<\/p>\n","protected":false},"author":1,"featured_media":558802,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/scx2.b-cdn.net\/gfx\/news\/hires\/2023\/security-vulnerabiliti.jpg","fifu_image_alt":"","footnotes":""},"categories":[16],"tags":[],"class_list":["post-558801","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sciencee"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/558801","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=558801"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/558801\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/558802"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=558801"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=558801"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\
/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=558801"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}