CyberScoop interviewed Riphean Partner Brian DeMuth on how the Android application used to operate drones manufactured by DJI contains a number of features that could allow hackers to target users with malicious applications or gain full control of users’ phones.
“Purely from a technical point of view, if you get access to the DJI servers, or you’re someone who has the legal authority over DJI to force themselves to have access, you can target users, not just for mass exploitation but also targeted exploitation,” DeMuth told CyberScoop. “The concern here is that you can push an update to the device. That update could include…an exploit that takes over the phone. From there, you have access to everything.”