
Have a DJI drone? Beware of this serious security flaw

Drones are complex devices and need to have their firmware updated often. Sometimes this adds more features. On other occasions, it’s desperately needed to plug security flaws.

Read on to see how a flaw can bring down your DJI drone and expose your location.

Hackers targeting DJI drones

DJI is undoubtedly one of the most popular drone manufacturers, with people globally taking to the skies with a Mavic, Phantom or Air. With powerful cameras and sophisticated mechanics, many drones are high-powered gadgets used for commercial photography.

As with any device that uses complex components, the software that drives them is vital. Unfortunately, 16 severe vulnerabilities have been discovered in DJI drone models that hackers can use mid-flight to take control and force them to crash. Not only that, but the flaws can also give away your physical location.

Security researchers at Ruhr University Bochum in Germany found that the DJI Mini 2, DJI Air 2 and DJI Mavic 2 drones are susceptible to “fuzzing.” That’s when someone floods the drone with random commands to exploit a vulnerability. 

This can cause the gadget to crash or let an attacker take complete control from the pilot. “Based on reverse engineering of DJI firmware, we designed and implemented a decoder for DJI’s proprietary tracking protocol DroneID, using only cheap COTS hardware,” researchers explain.

Through these methods, the team demonstrated that the transmitted data is not encrypted but accessible to anyone, compromising the drone operator’s privacy. Most of the vulnerabilities can be exploited through a mobile phone.

Update your drone ASAP

Like your computer or smartphone, you must ensure your drone’s software is updated to the latest version. DJI was made aware of the security flaws before researchers released their data, and it rolled out a patch to prevent abuse.

If you own a DJI drone, you should update its firmware immediately. This is done through the DJI Fly app or using DJI Assistant 2. If you are using the app, you’ll see an update alert when your phone connects to the drone.

The other method to update your drone is to connect it to your computer and run the DJI Assistant 2 software. Once connected, click Update in the top right-hand corner of the firmware history page, and it should begin the download.
