Given the wide permissions required by DJI GO 4 5 (access contacts, microphone, camera, location, storage, change network connectivity, etc.), the DJI or Weibo Chinese servers have almost full control over the user’s phone. This mechanism is very similar to command and control servers encountered with malwares. ![]() After de-obfuscation, our research located two features of the software that call home and wait for a file that orders the user’s phone to install a forced update or install a new software.Despite being under scrutiny, DJI did not improve the transparency surrounding the potential abuse of its Android mobile application: DJI GO 4 application makes use of the similar anti-analysis techniques as malware, such as anti-debug, obfuscation, packing and dynamic encryption.While there are technical reports 4 sponsored by DJI stating that their associated mobile application, DJI GO 4, is harmless and does not send any personal information back to the Chinese manufacturer, we wanted to assess the technical capabilities of the application ourselves. One of the market leaders, China-based Daijiang Innovations (DJI), is often in the news for suspected cybersecurity and data privacy issues 1 2 3. ![]() Drones are currently one of the most dynamic products, with multiple use cases across sectors such as personal and commercial videography, farming and land surveying, law enforcement and national security, and more.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |