DJI Spark Selfie Drone
Who doesn't need a mini-drone that can follow you around and take pretty pictures? This little drone sounds a bit like a puppy--it follows hands commands such as away, follow, beckon, selfie, and record. It even recognizes your face and will launch directly from your palm and hover there waiting for you to tell it what to do. Throw in a nice camera and you can take the coolest pics on your block. Just one thing, these drones have a history of being easily hacked.
What could happen if something goes wrong?
DJI drones have been easily hacked in the past. In 2017, the US Military issued a ban on using this company's drones for military purposes. Owning an insecure flying camera could present some problems for civilians too, so buyer beware.
mobile Privacy Security A.I.
What can be used to sign up?
What data does the company collect?
How does the company use this data?
How can you control your data?
What is the company’s known track record of protecting users’ data?
Can this product be used offline?
User-friendly privacy information?
Links to privacy information
Does this product meet our Minimum Security Standards?
Information security researchers have complained that the bug bounty program is ineffective.
Security flaw in DJI’s website and apps exposed accounts to hackers and drone live feeds
It took about six months for popular consumer drone maker DJI to fix a security vulnerability across its website and apps, which if exploited could have given an attacker unfettered access to a drone owner’s account. The vulnerability, revealed Thursday by researchers at security firm Check Point, would have given an attacker complete access to a DJI user’s cloud stored data, including drone logs, maps, any still or video footage — and live feed footage through FlightHub, the company’s fleet management system — without the user’s knowledge.
DJI's Spark drones to be bricked by September 1 unless firmware updated
Hackers have boasted that DJI's latest Spark drone firmware update was bypassed in mere hours – including downtime to enjoy the recent solar eclipse.
Man gets threats—not bug bounty—after finding DJI customer data in public view
DJI, the Chinese company that manufactures the popular Phantom brand of consumer quadcopter drones, was informed in September that developers had left the private keys for both the "wildcard" certificate for all the company's Web domains and the keys to cloud storage accounts on Amazon Web Services exposed publicly in code posted to GitHub. Using the data, researcher Kevin Finisterre was able to access flight log data and images uploaded by DJI customers, including photos of government IDs, drivers licenses, and passports. Some of the data included flight logs from accounts associated with government and military domains.
Got a comment? Let us hear it.