back to article DJI strips out code badness, reveals some GPL odds 'n sods

Chinese drone company DJI has removed hot-patching frameworks discovered in its apps by hackers – and is beginning to reveal GPL-licensed elements in its code. Informed sources told The Register the latest versions of DJI’s Go app, which is the mobile app used for controlling the firm’s drones in flight, have had JSPatch and …

  1. AnoniMouse

    user freedom?

    Will those in favour of unbridled hacking of drone code be content with the same freedom for the code in driverless cars on the public highway?

    1. ArrZarr Silver badge

      Re: user freedom?

      Different situation. An automated car is fully reliant upon software for all decision making. A closer example would be a normal, human driven car having a manufacturer controlled kill switch to bring it to a (presumably safe) halt if it were driven to a specific location.

      Something I'd be dead against in my car.

      1. AnoniMouse

        Re: user freedom?

        @ArrZarr

        Your analogy is about the capabilities of the manufacturer - and I agree, that such capabilities might be abused.

        I was more concerned about the capabilities of world+dog to reprogram any of the increasing number of devices that are "fully reliant on software" and on which we increasingly depend.

    2. johnmc

      Re: user freedom?

      You miss the obvious -- Cars that humans have to drive are already 'hacked'.

  2. RPF

    A terrorists wet-dream, this. Park a drone on the approach to any major airport's runway? Yes please.

    Send explosives into a prison? Fantastic.

    What are the positives that outweigh those negatives, then?

    1. The Mole

      You do know that remote control model planes have been available for decades don't you? And that building a drone from scratch with a few motors, arduino and gps module isn't exactly difficult.

      If it doesn't make a blind bit of difference to the negatives happening then why punish everybody else?

      1. Aodhhan Bronze badge

        Don't compare drones with RC aircraft. There are huge differences in the capabilities and utility between RC aircraft and quadra-copter drones:

        First, the controllability is very different -- even in the most stable conditions.

        Second, is utility. Drones carry much more weight.

        Third is another utility item... you don't have to put a lot of thought into weight and balance with a drone. With an RC aircraft, you can't just pack it anywhere with explosives or it will be uncontrollable, and even if you do manage to keep the center of gravity correct you will not be able to put much explosive on it.

        I can mention at least 4-5 other items (software, automation, etc.) but you get the point.

        1. Anonymous Coward
          Anonymous Coward

          Hmm, not exactly sure what your point is?

          Can I do something silly with a radio control plane... yes. Can I do something silly with a quadcopter... yes. Can a radio control plane be modified by someone with half a brain to carry a dangerous payload... yes. Can a quadcopter carry a dangerous payload....yes. Can a cat/dog/trained hamster/radio controlled shark/half brick/bicycle/car/bus/postman or skateboard carry a dangerous payload....yes.

          Can you put the genie of arduino computers/lipo batteries/gps etc back in their bottles...no.

        2. leenex

          A long time ago, at Peenemünde, there was a guy called Werner von Braun.

          When they told him

          With an RC aircraft, you can't just pack it anywhere with explosives or it will be uncontrollable, and even if you do manage to keep the center of gravity correct you will not be able to put much explosive on it.

          ... he chuckled.

      2. TheRealRoland

        >A terrorists wet-dream, this.

        >What are the positives that outweigh those negatives, then?

        >>You do know that remote control model planes have been available for decades don't you?

        Don't give Fox News in the UK the pleasure to rant about things, in order to generate some last gasps of faux outrage, please.

    2. Yet Another Anonymous coward Silver badge

      How exactly do you protect it from this?

      By submitting precise geographical coordinates of all your secret facilities and critical infrastructure to a Chinese company and have them broadcast this to everyone in the world who subscribed to their updates?

    3. Anonymous Coward
      Anonymous Coward

      What are the positives that outweigh those negatives, then?

      It's good and right that people can express themselves in any way they like.

  3. grizewald
    Facepalm

    Interesting how DJI only start removing things like JSPatch and opening GPL code when they've been caught red handed.

    Anyone trusting DJI to do the right thing has their head in the clouds.

  4. Anonymous Coward
    Anonymous Coward

    Listen guys

    We have some serious military customers who are really pissed right now, could you send us all you know so we can lock you out for a while and get them off our backs?

    Oh yeah and sorry to all you other RC guys who are now facing strict regulation due to us selling thousands of items to morons, it's just business, not personal.

    Lots of love DJI.

  5. Anonymous Coward
    Anonymous Coward

    Wondering ...

    ... since we know hoping for effective geofencing in locked software is quite hopeless, without even discussing home made drones, why not having a powerful directional jammer for all the morons using drones near airports/other critical infra ? I seem to have read about this, recently ...

    1- jam the darn thing if not in the right place

    2- immediately destroy it upon reaching the floor

    3- problem solved. People will think twice after some time

    1. Yet Another Anonymous coward Silver badge

      Re: Wondering ...

      Drones use GPS for navigation

      It is possible that powerful GPS jammers in the vicinity of all airports, ports, hospital helipads etc might have unforeseen (or pretty easily forseen) consequences.

      ps cell phones cause a large proportion of car accidents and supposedly cause filling stations and aircraft to explode at the slightest use. Perhaps massive GSM jammers could be provided along all roads and the phones destroyed when seen in use

      1. JaitcH
        WTF?

        Re: Wondering ...

        GPS is used for far more than navigation these days from trains, ATMs, rime standard, etc.

        Hardly practical.

      2. Hans 1 Silver badge
        Facepalm

        Re: Wondering ...

        GPS jammers ? Why jam GPS ? You want to PREVENT the drone from KNOWING IT IS ENTERING A NO-FLY ZONE ? Crikey ... do you know what you are talking about ? Thought not ...

        here, for you: http://www.dummies.com/consumer-electronics/drones/understanding-how-your-drone-is-controlled/

        Drones use the 900Mhz frequency, so you jam that ... drone gets too close to a protected area, communication between remote and drone gets jammed.

        Some drones use WIFI, however, they have much shorter range ... maybe wanna jam that, as well around the facility, also makes sense, would not want somebody with a lappy trying to crack your WIFI password, right ?

        1. Anonymous Coward
          Anonymous Coward

          Re: Wondering ...do you

          know what you are talking about?

          1. Drones aren't controlled by 900 MHz radio signals, (900 MHz is used in the USA for telemetry/video from drones to ground, in the UK lower frequency bands are approved for this). The actual ground control signals can be at various frequencies, typically 25 to 35 MHz.

          2. Drone hardware/software is widely available and fairly flexible. It is looking for a digital or analogue radio input. The autopilot doesn't care and there is nothing to stop you controlling a drone with whatever radio you want on whatever frequency you and a roll of insulating tape care to bodge up. So actually you better surround your airport with a big Faraday cage (you can have little automatically opening gates to let the planes in and out), and hope that no one thinks of controlling their drone with lasers or infra-red or sound.

          3. Drones have computers on them! You can program a computer! You might program a computer to 'turn off radio - take off - fly to coordinates XYZ - take picture - fly to coordinates ABC - land'.

          1. stu 4

            Re: Wondering ...do you

            modern drones or any other RC havn't used 25-35Mhz since the 90s....

            DJI uses 2.4 and 5.8Mhz.

            Most RC these days use 2.4Mhz.

            the days of 27Mhz and 1/2 meter long aerials with flags on the top ended nearly 2 decades ago.

            1. Anonymous Coward
              Anonymous Coward

              Re: Wondering ...do you

              "DJI uses 2.4 and 5.8Mhz.

              Most RC these days use 2.4Mhz."

              GHz I think you meant there.

              There are aslo a few open source around 433MHz (459MHz in the UK),

              TBS crossfire (Frequency Bands: 868MHz (EU, Russia) / 915MHz (USA, Asia, Australia))

              and of course anything else someone with RF knowledge and little care for legality cares to use.

            2. Anonymous Coward
              Anonymous Coward

              mea culpa

              Teach me to go all incompetent pedant mode.

        2. oldcoder

          Re: Wondering ...

          Don't you remember the demonstrations of something like a 232 mile record distance with wifi?

          https://www.wired.com/2007/06/w_wifi_record_2/

          This one did use some special antenna, but the range limits are

          NOT limited to 100 feet by design. It is only limited by construction.

          Even then, it is entire possible to build a slow cruse missile...

    2. Cynic_999 Silver badge

      Re: Wondering ...

      Quadcopters can trivially be programmed to fly a pre-determined route without any need for control signals other than a GPS signal. And if GPS were to be jammed (causing far more harm than good), it would not be long before someone writes some rudimentary inertial navigation software using the aircraft's accelerometers - which are plenty good enough to keep it reasonably on course for its 10 to 30 minute battery life.

    3. JaitcH
      WTF?

      Re: Wondering ...

      If you jam drones 'in the wrong place' you will have a whole crowd of smartphone users complaining about loosing their WiFi.

      Not too practical

  6. Anonymous Coward
    Anonymous Coward

    Banks...

    So how are banks getting away with it then? HSBC app updates itself from within the app, not via play store.

    1. Yet Another Anonymous coward Silver badge

      Re: Banks...

      The update is still being got from the store via the app, and hence approved by Apple/Google

  7. Teiwaz Silver badge

    morons

    RC guys who are now facing strict regulation due to us selling thousands of items to morons,

    And about 90% of the problem is all down to calling the damn things 'drones'

    If they'd stuck to a nice geeky name, say, with 'model' in the title rather than something potentially macho and/or cool, there wouldn't be the same interest.

  8. JaitcH
    Thumb Down

    My property, my business

    I, for one, am fed up with the Job's/Apple attitude that YOUR property is subject to Apple's control which means our company doesn't use anything from them.

    Likewise with DJI although their software is more accessible for customisation. Funny how over-priced equipment shares similarly arrogance from their respective manufacturers. Windows proved that Apple is wrong.

    DJI owners have a similar attitude as iPhone owners. DJI is overrated, there are many better featured drones, for the experienced operator. And there are better cameras than those promoted by DJI available at lower cost.

    In the meantime, register your DJI product in Mongolia, they have open skies and you can fly wherever you want to elsewhere.

    1. Lord Elpuss Silver badge

      Re: My property, my business

      "I, for one, am fed up with the Job's/Apple attitude that YOUR property is subject to Apple's control which means our company doesn't use anything from them."

      Why single Apple out here? The other major vendors are exactly the same. Windows Mobile and Android by default both mandate app installation via the App Store; and apps are subject to a vetting policy. Android's vetting policy used to be hilariously lax (not exactly a plus in my book) but is now much stronger.

      On any of the three major mobile platforms you have the option to disable this if you don't like the restrictions, by jailbreaking or disabling app security restrictions. Then you can do what you like.

      The situation is much the same on the desktop. Windows, MacOS and many flavors of Linux offer an App Store which you're encouraged to use, which aims to curate and monitor quality but you don't have to use it - you can install what you like from other sources if you accept that this might carry a security risk.

      The fact that you're singling Apple out here suggests that you're either hopelessly biased, or that you don't understand the issue.

    2. anonymous boring coward Silver badge

      Re: My property, my business

      Apple is less of a nuisance than Google and MS in my opinion.

      Yes, Apple introduced the much needed central app depository with vetting, and update management. It was horrible before that -trying to remember the bad old days with my various Nokias etc... But they never forced you to update anything. They did stop users from being idiots, which users try to be constantly, because they are. Just look at the Google silliness with letting apparently vetted apps ask for permission to access pretty much everything on your phone! Phat security that gives...

      "Windows proved that Apple is wrong."

      Explain your thinking here? OSX isn't closed. Windows isn't closed. In what way did Windows prove Apple wrong?

  9. Chris Coles

    Anyone flying any form of conventional aircraft, gliders are a very good example; know full well that the air we fly in is regulated primarily for safety reasons. When we fly, we know before we take off that there are areas of the sky that we are not permitted to enter. Yes, we can still enter if we fully comply with the accepted regulations. The entire system is designed to prevent collisions between aircraft. It is that simple, we all agree to abide with the regulations because our lives depend upon everyone else also doing the same thing for the same reason. To understand the overall problem, may I suggest that every drone owner visit their local gliding club and buy a copy of the relevant, (to their considered drone flying location), 1/4 million air flight chart which will show in full detail where and where not they can fly in safety. It would also make sense if they also, at the same time, purchase a copy of the relevant flying laws which will always also be available at their local gliding club. To find you local gliding club use the BGA British Gliding Association web site www.gliding.co.uk Better still, go learn to fly a conventional glider, a wonderful sport, and make friends for life at the launch point while learning why the rules are there in the first place; to protect lives.

    1. imanidiot Silver badge

      Not really needed to go to your local gliding club to buy the maps. They are available for purchase through a multitude of online shops. And some charts are also available online for free. (US VFR maps see: http://vfrmap.com/)

      1 in 4 million though? I think you mean 1: 250 000?

      I do wholeheartedly agree on the advice to get some flying lessons though (glider or with a fuel-to-noise converter). It's a great way to learn WHY all that airspace regulation is there.

  10. MacroRodent Silver badge

    GPL

    > users of GPL-licensed code should, in theory, make source code available for GPL-licensed software that is released to the public.

    Not just in theory. If you do not follow the license terms, you can be sued by the author of the code. The GPL is just as much a license as a Microsoft EULA, for example. Perhaps some copyright owner had contacted DJI.

  11. anonymous boring coward Silver badge

    GPL licence terms mean users of GPL-licensed code should, in theory, make source code available for GPL-licensed software that is released to the public.

    I think the GPL mean the source could should, in practice, be made available? No "theory" about it.

  12. UncleZoot

    DJI has been a chronic abuser of their customers for as long as I can remember.

    I purchased a Phantom 2 somewhere around 2010 or so. They had a few problems which DJI would roll out a patch to correct. Then once they came out with the Phantom 3, that changed. Constant changes to the app used back then called DJI Pilot.

    DJI hid that they were enforcing geo fencing and bricked thousands of units. DJI has access to all of your flight information including locations and any video you've taken provided you're using a smart devise to control and view the camera.

    After the first major update of software and firmware, I swore off of any further updates, period.

    DJI, Great innovation, rotten customer service, and even worse secrecy to what they've done to your purchased hardware.

    To think, they now own the controlling interest of Hasselblad camera company.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019