back to article I've got the key, I've got the secret. I've got the key to another person's DJI drone account: Vids, info left open to theft

Chinese drone giant DJI has fixed a critical security hole that left its customer account data and quadcopter videos potentially up for grabs. From March through September this year, DJI's customer records, many of which include sensitive data from drone flights, video footage, and owners' personal details, could have been …

Mark 85
Silver badge

So Open Source is the answer?

I don't see how. Can a third party prove that there's no backdoors in the executable even if the code they give is clean of backdoors? If drone info is stored on their servers, then the government can get all they want without any user knowing anyway. What guarantee can the company make that they aren't pulling the data anyway?

Anonymous Coward
Silver badge
Facepalm

Re: So Open Source is the answer?

By including a 'local data mode' which doesn't send that info to the manufacturer's servers, perchance?

Obviously it needs to be open-source to ensure nothing is leaked that way too.

AndyS

Re: So Open Source is the answer?

> Can a third party prove that there's no backdoors in the executable even if the code they give is clean of backdoors?

Assuming the software is fully open-source, it should be possible to recompile from code, and install the locally compiled binary. Assuming your compiler isn't also a DJI product, this should give you near 100% certainty.

This is how hoby-level drones currently work - Betaflight is one of the primary bits of software used for racing drones, and it is fully open source. It's trivial to compile it from source (and many people do, to make it run on unusual hardware or to disable / enable different bits of it). Although DJI's offering is more complex, it could work the same way.

Voland's right hand
Silver badge

Re: So Open Source is the answer?

What guarantee can the company make that they aren't pulling the data anyway?

Paraphrasing Arnaud Amalric: Firewall eos. Novit enim Dominus qui sunt eius

Dan 55
Silver badge

Re: So Open Source is the answer?

There's no guarantee that local data mode is local data mode either as you don't know if the binary came from the source. You'd need to be able to compile the source yourself using switches to turn off cloud crap and update the drone with your binary to have some guarantee of security.

And DJI's competition (also in China) will copy and paste everything. Heh.

MachDiamond
Silver badge

Hold the Cloud

Anything you put on somebody else's server may wind up being public. HDD's are cheap these days. Store your data yourself and keep it private. Somehow I think Jennifer Lawrence and a bunch of other celebs aren't going to be storing naughty photos of themselves or their friends on any sort of cloud storage service anymore. They had a rather embarrassing lesson in data security.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2018