Full Text

Attackers could have spied in real time on drone fleets used in critical infrastructure, including both flight path data and real-time video and audio feeds, according to research by Check Point, and confirmed by drone maker DJI in a statement. The security flaw, reported by Check Point in March of this year, has since been patched.

Popular among consumer drone enthusiasts, DJI drones are also widely used in industry, manufacturing, agriculture, and critical infrastructure, and among emergency response personnel, including police and fire departments.

"The worst thing is that there is an app called FlightHub that is a very sophisticated app, basically an application that provides management capabilities between two drones or hundreds of drones, some running automated missions," Oded Vanunu, head of products vulnerability research at Check Point, tells CSO. "And this is being used by a lot of law enforcement, fire departments, police departments, government facilities, to map their environment."

"Users on the DJI FlightHub fleet management system could have had live flight information accessed," DJI wrote in a statement.

Drone data syncs unencrypted with DJI's cloud infrastructure, and DJI does not offer cloud storage with...