I've got the key, I've got the secret. I've got the key to another person's DJI drone account: Vids, info left open to theft

Mark 85 Silver badge

So Open Source is the answer?

I don't see how. Can a third party prove that there's no backdoors in the executable even if the code they give is clean of backdoors? If drone info is stored on their servers, then the government can get all they want without any user knowing anyway. What guarantee can the company make that they aren't pulling the data anyway?

Anonymous Coward Silver badge

Re: So Open Source is the answer?

By including a 'local data mode' which doesn't send that info to the manufacturer's servers, perchance?

Obviously it needs to be open-source to ensure nothing is leaked that way too.

AndyS

Re: So Open Source is the answer?

> Can a third party prove that there's no backdoors in the executable even if the code they give is clean of backdoors?

Assuming the software is fully open-source, it should be possible to recompile from code, and install the locally compiled binary. Assuming your compiler isn't also a DJI product, this should give you near 100% certainty.

This is how hobby-level drones currently work - Betaflight is one of the primary bits of software used for racing drones, and it is fully open source. It's trivial to compile it from source (and many people do, to make it run on unusual hardware or to disable / enable different bits of it). Although DJI's offering is more complex, it could work the same way.

Voland's right hand Silver badge

Re: So Open Source is the answer?

> What guarantee can the company make that they aren't pulling the data anyway?

Paraphrasing Arnaud Amalric: Firewall eos. Novit enim Dominus qui sunt eius

Dan 55 Silver badge

Re: So Open Source is the answer?

There's no guarantee that local data mode is local data mode either as you don't know if the binary came from the source. You'd need to be able to compile the source yourself using switches to turn off cloud crap and update the drone with your binary to have some guarantee of security.

And DJI's competition (also in China) will copy and paste everything. Heh.

MachDiamond Silver badge

Hold the Cloud

Anything you put on somebody else's server may wind up being public. HDDs are cheap these days. Store your data yourself and keep it private. Somehow I think Jennifer Lawrence and a bunch of other celebs aren't going to be storing naughty photos of themselves or their friends on any sort of cloud storage service anymore. They had a rather embarrassing lesson in data security.
