PRESS-NEWS.org - Press Release Distribution
PRESS RELEASES DISTRIBUTION

Security vulnerabilities detected in drones made by DJI

Security vulnerabilities detected in drones made by DJI
2023-03-02
(Press-News.org) Researchers from Bochum and Saarbrücken have detected security vulnerabilities, some of them serious, in several drones made by the manufacturer DJI. These enable users, for example, to change a drone’s serial number or override the mechanisms that allow security authorities to track the drones and their pilots. In special attack scenarios, the drones can even be brought down remotely in flight.

The team headed by Nico Schiller of the Horst Görtz Institute for IT Security at Ruhr University Bochum, Germany, and Professor Thorsten Holz, formerly in Bochum, now at the CISPA Helmholtz Center for Information Security in Saarbrücken, will present their findings at the Network and Distributed System Security Symposium (NDSS). The conference will take place from 27 February to 3 March in San Diego, USA.

The researchers informed DJI of the 16 detected vulnerabilities prior to releasing the information to the public; the manufacturer has taken steps towards fixing them.

Four models put to the test

The team tested three DJI drones of different categories: the small DJI Mini 2, the medium-sized Air 2, and the large Mavic 2. Later, the IT experts reproduced the results for the newer Mavic 3 model as well. They fed the drones’ hardware and firmware a large number of random inputs and checked which ones caused the drones to crash or made unwanted changes to the drone data such as the serial number – a method known as fuzzing. To this end, they first had to develop a new algorithm.

“We often have the entire firmware of a device available for the purpose of fuzzing. Here, however, this was not the case,” as Nico Schiller describes this particular challenge. Because DJI drones are relatively complex devices, the fuzzing had to be performed in the live system. “After connecting the drone to a laptop, we first looked at how we could communicate with it and which interfaces were available to us for this purpose,” says the researcher from Bochum. It turned out that most of the communication is done via the same protocol, called DUML, which sends commands to the drone in packets.

Four severe errors

The fuzzer developed by the research group thus generated DUML data packets, sent them to the drone and evaluated which inputs caused the drone’s software to crash. Such a crash indicates an error in the programming. “However, not all security gaps resulted in a crash,” says Thorsten Holz. “Some errors led to changes in data such as the serial number.” To detect such logical vulnerabilities, the team paired the drone with a mobile phone running the DJI app. They could thus periodically check the app to see if fuzzing was changing the state of the drone.

All of the four tested models were found to have security vulnerabilities. In total, the researchers documented 16 vulnerabilities. The DJI Mini 2, Mavic Air 2 and Mavic 3 models had four serious flaws. For one, these bugs allowed an attacker to gain extended access rights in the system. “An attacker can thus change log data or the serial number and disguise their identity,” explains Thorsten Holz. “Plus, while DJI does take precautions to prevent drones from flying over airports or other restricted areas such as prisons, these mechanisms could also be overridden.” Furthermore, the group was able to crash the flying drones mid-air.

In future studies, the Bochum-Saarbrücken team intends to test the security of other drone models as well.

Location data is transmitted unencrypted

In addition, the researchers examined the protocol used by DJI drones to transmit the location of the drone and its pilot so that authorised bodies – such as security authorities or operators of critical infrastructure – can access it. By reverse engineering DJI’s firmware and the radio signals emitted by the drones, the research team was able to document the tracking protocol called “DroneID” for the first time. “We showed that the transmitted data is not encrypted, and that practically anyone can read the location of the pilot and the drone with relatively simple methods,” concludes Nico Schiller.

END

[Attachments] See images for this press release:
Security vulnerabilities detected in drones made by DJI Security vulnerabilities detected in drones made by DJI 2 Security vulnerabilities detected in drones made by DJI 3

ELSE PRESS RELEASES FROM THIS DATE:

Coastal water pollution transfers to the air in sea spray aerosol and reaches people on land

Coastal water pollution transfers to the air in sea spray aerosol and reaches people on land
2023-03-02
New research led by Scripps Institution of Oceanography at UC San Diego has confirmed that coastal water pollution transfers to the atmosphere in sea spray aerosol, which can reach people beyond just beachgoers, surfers, and swimmers. Rainfall in the US-Mexico border region causes complications for wastewater treatment and results in untreated sewage being diverted into the Tijuana River and flowing into the ocean in south Imperial Beach. This input of contaminated water has caused chronic coastal water pollution in Imperial ...

A bridge between hydrophobicity and hydrophilicity of flax fiber: A breakthrough in the multipurpose oil-water separation field

A bridge between hydrophobicity and hydrophilicity of flax fiber: A breakthrough in the multipurpose oil-water separation field
2023-03-02
The large number of oily wastewater discharges and oil spills are bringing about severe threats to environment and human health. Corresponding to this challenge, a number of functional materials have been developed and applied in oil-water separation as oil barriers or oil sorbents. These materials can be divided into two main categories which are artificial and natural. Natural materials such as green bio-materials are generally low cost and abundant with biological degradability, which are also regarded as promising alternatives for oil-water separation ...

CityU scholars unify color systems using prime numbers

CityU scholars unify color systems using prime numbers
2023-03-02
Existing colour systems, such as RGB and CYMK, are all text-based and require a large range of values to represent different colours, making them difficult to compute and time-consuming to convert. Recently, researchers from City University of Hong Kong (CityU) made a breakthrough by inventing an innovative colour system, called “C235”, based on prime numbers, enabling efficient encoding and effective colour compression. It can unify existing colour systems and has the potential to be applied in various applications, like designing an energy-saving LCD system and colourizing DNA codons. Currently, ...

UCD Archaeologist receives prestigious Dan David Prize for research on the invisible workforce behind ancient forms of art

UCD Archaeologist receives prestigious Dan David Prize for research on the invisible workforce behind ancient forms of art
2023-03-02
The Dan David Prize, the largest history prize in the world, has announced University College Dublin (UCD) Archaeologist, Dr Anita Radini, as one of nine recipients for 2023. Each of the winners - who work in Kenya, Denmark, Israel, Canada, the US and Ireland - will receive $300,000 (USD) in recognition of their achievements as emerging scholars and to support their future endeavours in the study of the human past. Dr Radini is the first in Ireland to receive this award. “Our winners represent the next generation of historians,” said Ariel ...

Putting a price tag on the amenity value of private forests

Putting a price tag on the amenity value of private forests
2023-03-02
When it comes to venturing into and enjoying nature, forests are the people’s top choice – at least in Denmark. This is also reflected in the sales prices of properties with private forest. But beyond earnings potential, this first study of its kind, conducted by the University of Copenhagen, puts a price tag on the so-called amenity value of Danish private forests. Forests have a nearly therapeutic effect on humans. Perhaps that is why eight out of ten of Danes have wandered in the woods over ...

The map to human and animal behavior

2023-03-02
What are humans? What are animals? And what makes humans unique? The comparative psychologist Fumihiro Kano has set himself a life goal to answer those questions. On 28 February 2023 it was announced that the scientist from the Cluster of Excellence “Centre for the Advanced Study of Collective Behaviour” (CASCB) at the University of Konstanz will receive the Manfred Fuchs Prize from the Heidelberg Academy of Sciences and Humanities of the State Baden-Württemberg for his interdisciplinary work in animal behaviour research. Photo gallery for the article: https://www.campus.uni-konstanz.de/en/science/the-map-to-human-behaviour Fumihiro ...

Resistance training improves sleep quality and reduces inflammation in older people with sarcopenia

Resistance training improves sleep quality and reduces inflammation in older people with sarcopenia
2023-03-02
Sarcopenia is the decline of skeletal muscle mass with age, leading to loss of muscle strength (to move objects, shake hands etc.) and performance (walking and making other routine movements effectively). It involves chronic inflammation and is associated with cognitive alterations, heart disease and respiratory disorders. In short, it affects the quality of life, reducing independence and increasing the risk of injury, falls and even death. Sarcopenia affects 15% of adults over the age of 60 and 46% of those over 80. Sleep disorders are also common in these age groups. The aging ...

Bald eagles aren’t fledging as many chicks due to avian influenza

2023-03-02
Bald eagles are often touted as a massive conservation success story due to their rebound from near extinction in the 1960s. But now a highly infectious virus may put that hard-fought comeback in jeopardy. Published in Nature’s Scientific Reports, new research from the University of Georgia showed highly pathogenic avian influenza, also known as H5N1, is killing off unprecedented numbers of mating pairs of bald eagles. “Even just one year of losses of productivity like we’ve documented regionally is very concerning and could have effects for decades to come if representative of broader regions,” said ...

New podcast gives parents a “Pediatrician Next Door”

New podcast gives parents a “Pediatrician Next Door”
2023-03-02
Imagine if harried parents could get the scientific and clinical expertise of a pediatrician just by walking only a few steps next door. That’s the premise of a new podcast, The Pediatrician Next Door, by Dr. Wendy Hunter, M.D. She brings decades of experience in emergency and primary pediatric care to answer burning questions that parents are reluctant to ask. “In the emergency room, I saw a great many frustrated parents and their kids who didn’t always get their questions answered by their pediatrician because there just wasn’t time in the clinic,” said Dr. Hunter. “Or, they didn’t have access to their ...

Existing chest scans offer new opportunities for predicting surgical risks

2023-03-02
Instead of special heart scans, physicians can use images of the chest captured months earlier, and for other reasons, to estimate patients’ risk of heart attack or death during several kinds of major surgeries, a new study shows.  Researchers at NYU Grossman School of Medicine analyzed existing computed tomography (CT) scans to estimate levels of hardened (calcified) fatty plaque deposits in the heart’s three largest blood vessels. They found that patients with greater buildup of this plaque had higher chances of developing serious health issues following surgery. Major surgeries, which usually ...

LAST 30 PRESS RELEASES:

Orphan nuclear receptors in metabolic dysfunction-associated steatotic liver disease development

A technological breakthrough for ultra-fast and greener AI

Pusan National University researchers identify key barriers hindering data-driven smart manufacturing adoption

Inking heterometallic nanosheets: A scalable breakthrough for coating, electronics, and electrocatalyst applications

Adults with autism show similar brain mapping of body parts as typically developing adults

Uncovering behavioral clues to childhood maltreatment

Premenstrual symptoms linked to increased risk of cardiovascular disease

Newly discovered remains of ancient river landscapes control ice flow in East Antarctica

Newly discovered interstellar object 'may be oldest comet ever seen'

Animal-inspired AI robot learns to navigate unfamiliar terrain

Underserved youth less likely to visit emergency department for concussion in Ontario, study finds

‘Molecular shield’ placed in the nose may soon treat common hay fever trigger

Beetles under climate stress lay larger male eggs: Wolbachia infection drives adaptive reproduction strategy in response to rising temperature and CO₂

Groundbreaking quantum study puts wave-particle duality to work

Weekly injection could be life changing for Parkinson’s patients

Toxic metals linked to impaired growth in infants in Guatemala

Being consistently physically active in adulthood linked to 30–40% lower risk of death

Nerve pain drug gabapentin linked to increased dementia, cognitive impairment risks

Children’s social care involvement common to nearly third of UK mums who died during perinatal period

‘Support, not judgement’: Study explores links between children’s social care involvement and maternal deaths

Ethnic minority and poorer children more likely to die in intensive care

Major progress in fertility preservation after treatment for cancer of the lymphatic system

Fewer complications after additional ultrasound in pregnant women who feel less fetal movement

Environmental impact of common pesticides seriously underestimated

The Milky Way could be teeming with more satellite galaxies than previously thought

New study reveals surprising reproductive secrets of a cricket-hunting parasitoid fly

Media Tip Sheet: Symposia at ESA2025

NSF CAREER Award will power UVA engineer’s research to improve drug purification

Tiny parasitoid flies show how early-life competition shapes adult success

New coating for glass promises energy-saving windows

[Press-News.org] Security vulnerabilities detected in drones made by DJI