App for Chinese DJI drones could give hackers full control of users’ phones, researchers say
The Android application used to operate drones manufactured by DJI contains a number of features that could allow attackers to target users with malicious applications or gain full control of users’ phones, according to recent research by France-based Synacktiv and U.S.-based GRIMM. Researchers found that the DJI GO 4 application can force updates on users without routing them through the Google Play Store. Given the access the application has — including users’ contacts, microphone, camera, geolocation — it could give DJI or third parties nearly full control of users’ phones, Synacktiv and GRIMM found. It’s also the kind of update that could place the company in violation of the store’s guidelines. The application also may install arbitrary applications through the Weibo software development kit, without gaining users’ approval first and bypassing Google once again, according to GRIMM researchers. In so doing, the application shares users’ personal information with Weibo and […]
The post App for Chinese DJI drones could give hackers full control of users’ phones, researchers say appeared first on CyberScoop.