DJI Spark Selfie Drone

DJI Spark Selfie Drone

Review date: Nov. 1, 2018

|
|

Mozilla says

|
People voted: Super creepy
Who doesn't need a mini-drone that can follow you around and take pretty pictures? This little drone sounds a bit like a puppy--it follows hands commands such as away, follow, beckon, selfie, and record. It even recognizes your face and will launch directly from your palm and hover there waiting for you to tell it what to do. Throw in a nice camera and you can take the coolest pics on your block. Just one thing, these drones have a history of being easily hacked.

What could happen if something goes wrong?

DJI drones have been easily hacked in the past. In 2017, the US Military issued a ban on using this company's drones for military purposes. Owning an insecure flying camera could present some problems for civilians too, so buyer beware.
mobile Privacy Security A.I.

Can it snoop on me? information

Camera

Device: Yes

App: Yes

Microphone

Device: Yes

App: Yes

Tracks location

Device: Yes

App: Yes

What can be used to sign up?

What data does the company collect?

How does the company use this data?

How can you control your data?

What is the company’s known track record of protecting users’ data?

Average

Can this product be used offline?

Can’t Determine

User-friendly privacy information?

No

Links to privacy information

Does this product meet our Minimum Security Standards? information

No

Encryption

No

Strong password

No

Security updates

Yes

Manages vulnerabilities

Yes

Information security researchers have complained that the bug bounty program is ineffective.

Privacy policy

Yes

Does the product use AI? information

Can’t Determine

Is this AI untrustworthy?

Can’t Determine

What kind of decisions does the AI make about you or for you?

Is the company transparent about how the AI works?

Can’t Determine

Does the user have control over the AI features?

Can’t Determine


News

Security flaw in DJI’s website and apps exposed accounts to hackers and drone live feeds
TechCrunch
It took about six months for popular consumer drone maker DJI to fix a security vulnerability across its website and apps, which if exploited could have given an attacker unfettered access to a drone owner’s account. The vulnerability, revealed Thursday by researchers at security firm Check Point, would have given an attacker complete access to a DJI user’s cloud stored data, including drone logs, maps, any still or video footage — and live feed footage through FlightHub, the company’s fleet management system — without the user’s knowledge.
DJI's Spark drones to be bricked by September 1 unless firmware updated
The Register
Hackers have boasted that DJI's latest Spark drone firmware update was bypassed in mere hours – including downtime to enjoy the recent solar eclipse.
Man gets threats—not bug bounty—after finding DJI customer data in public view
Ars Technica
DJI, the Chinese company that manufactures the popular Phantom brand of consumer quadcopter drones, was informed in September that developers had left the private keys for both the "wildcard" certificate for all the company's Web domains and the keys to cloud storage accounts on Amazon Web Services exposed publicly in code posted to GitHub. Using the data, researcher Kevin Finisterre was able to access flight log data and images uploaded by DJI customers, including photos of government IDs, drivers licenses, and passports. Some of the data included flight logs from accounts associated with government and military domains.

Comments

Got a comment? Let us hear it.