DJI Mavic Pro Drone | Breaking Cybersecurity News | The Hacker News

Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations (DJI) that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal information to DJI's servers. The twin reports, courtesy of cybersecurity firms Synacktiv and GRIMM , found that DJI's Go 4 Android app not only asks for extensive permissions and collects personal data (IMSI, IMEI, the serial number of the SIM card), it makes use of anti-debug and encryption techniques to thwart security analysis. "This mechanism is very similar to command and control servers encountered with malware," Synacktiv said. "Given the wide permissions required by DJI GO 4 — contacts, microphone, camera, location, storage, change network connectivity — the DJI or Weibo Chinese servers have almost full control over the user's phone." The ...

Cybersecurity researchers at Check Point today revealed details of a potential dangerous vulnerability in DJI Drone web app that could have allowed attackers access user accounts and synced sensitive information within it, including flight records, location, live video camera feed, and photos taken during a flight. Thought the vulnerability was discovered and responsibly reported by the security firm Check Point to the DJI security team in March this year, the popular China-based drone manufacturing company fixed the issue after almost six months in September. The account takeover attack takes advantage of a total of three vulnerabilities in the DJI infrastructure, including a Secure Cookie bug in the DJI identification process, a cross-site scripting (XSS) flaw in its Forum and a SSL Pinning issue in its mobile app. The first vulnerability, i.e. not having the "secure" and "httponly" cookie flag enabled, allowed attackers to steal login cookies of a user b...

In today's rapidly evolving threat landscape, safeguarding your organization against cyberattacks is more critical than ever. Traditional penetration testing (pentesting), while effective, often falls short due to its high costs, resource requirements, and infrequent implementation. Automated internal and external network pentesting is a game-changing solution, empowering organizations to stay ahead of attackers with cost-effective, frequent, and thorough security assessments. Strengthen Your Defenses: The Role of Internal and External Pentests  Effective cybersecurity requires addressing threats from both inside and outside your organization. Automated solutions streamline this process, enabling IT teams to implement a holistic and proactive defense strategy. Internal Pentesting: Securing the Core Internal pentesting simulates an attacker operating within your network, exposing vulnerabilities such as insider threats, compromised credentials, or breaches through physical or ...