back to article Drone-maker DJI's Go app contains naughty Javascript hot-patching framework

Chinese drone firm DJI appears to have baked a hot-patching framework into its Go app that breaks Apple's App Store terms and conditions, according to drone hacker sources. The patching framework in question, JSPatch, appears to be baked into the iOS version of Go. Earlier this year Apple ejected a handful of JSPatch-using …

  1. Anonymous Coward
    Anonymous Coward

    You wouldn't get this sort of due diligence in the Android app store.

    1. Anonymous Coward
      Anonymous Coward

      Well you wouldn't.

      1. DryBones

        Except Apple have said nothing about this, and it was all users making note of such, so pretty much equivalent to the Play Store? Has it been kicked out of the Apple Store yet?

        This sort of hot patching is like malware vector #1.

  2. Your alien overlord - fear me

    Can't someone just tell DJI to keep their fricking noses out of how their drones are used. Once paid for, that's it. Unless of course they want to take full legal responsibility of the drones usage at all times :-)

    1. Anonymous Coward
      Black Helicopters

      You must not question the gods of data collection, "all data is good, your data is better".

    2. Haku

      "Once paid for, that's it."

      Sadly when you've oughtright bought a product that doesn't have any ongoing payment contract, some companies believe you only have what approximates to a license to use it because they don't want you to take it apart or repair/modify/upgrade it yourself.

      This is noteable in the car industry where they're practically computers on wheels that contain propritary software you're apparently not allowed to reverse engineer.

      It's also very noteable in the agricultural industry in America, where farmers are not allowed to fix the vehicles they paid for and 'own' - https://www.wired.com/2015/04/dmca-ownership-john-deere/

      1. David 132 Silver badge
        Facepalm

        Re: "Once paid for, that's it."

        Mrs 132 and I were in the old Oregon ghost-town of Shaniko a few weeks ago (well worth a visit, btw), and among the exhibits is a mid-C19th John Deere covered wagon (of the "Oregon Trail" sort). The thought of some hardy 1860s pioneer being told that he couldn't modify, improve or disassemble his newly-acquired wagon in any way makes me laugh. Compare with the company's current products, which as you say, come with an EULA that makes Oracle look like a bunch of property-is-theft-man hippies. Very depressing.

        1. LDS Silver badge

          Re: "Once paid for, that's it."

          Given the speed of a wagon, the low level technology, the traffic, and that occupants weren't going to sue the makers in case of an incident.. and probably many idiots died and killed other people because they made the wrong modifications.

          Idiots modifying vehicles able to reach 200 km/h or more, or to fly, are not really welcome.

    3. Mark 65

      To an extent this is all good. For the time being, having the flight engine most want to use, it is a bit of a shitty situation. However, in time I believe this nonchalant bullshit will result in a viable open source flight system coming to pass. Invention to a large extent is driven by someone somewhere acting like an arsehole, it tends to bring the right types out of the woodwork to help. Think retired aeronautics engineer who gets the shits because his grandson's expensive new drone stopped working as it should due to a sly update etc. I have faith in this case that DJI's time at the top has peaked.

  3. GarethWright.com

    Security Concerns - Not rocket science.....

    The military security concerns revolve around the black box SD card glued into the drones.

    It stores flight logs, co-ordinates, images used for precision takeoff and landing as well as logs re: rf interference etc.

    Should a drone crash or be shot down, an enemy can recover and gather valuable intel.

    1. Dabooka
      Black Helicopters

      Re: Security Concerns - Not rocket science.....

      Source?

      1. The Bionic Man

        Re: Security Concerns - Not rocket science.....

        It's true, I have a Phantom 3.

        Connect it to a PC and hit a button on the phone/tablet and it downloads all telemetry, gigabytes of the stuff.

        There is a cut-down version within the app that's just a few megabytes, but it's on the phone/tablet too.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020