Security researchers have identified no fewer than 16 vulnerabilities in several DJI drones that could have let attackers crash the drones or even discover the pilot's location.
Commercial drones have been around for a long time, and DJI is one of the most prominent manufacturers in the industry. Like all electronic devices, drones can contain vulnerabilities, and that is what the researchers set out to find.
A team guided by Nico Schiller of the Horst Görtz Institute for IT Security at Ruhr University Bochum, Germany, and Professor Thorsten Holz, from the CISPA Helmholtz Center for Information Security, unveiled the vulnerabilities at the Network and Distributed System Security Symposium, Help Net Security reported.
The researchers looked at the DJI Mini 2, the DJI Air 2 and the DJI Mavic 2. Their method of attack, called “fuzzing,” consists of repeatedly feeding the drones random inputs in search of ones that interfere with the device's functionality. In the case of a drone, that could mean forcing it to crash, for example.
"We often have the entire firmware of a device available for the purpose of fuzzing. Here, however, this was not the case," said Schiller. "After connecting the drone to a laptop, we first looked at how we could communicate with it and which interfaces were available to us for this purpose."
By developing a dedicated algorithm for the fuzzing process, they managed to interfere with the drones' functionality, causing mid-air crashes and even changing serial numbers.
"An attacker can thus change log data or the serial number and disguise their identity," said Holz. "Plus, while DJI does take precautions to prevent drones from flying over airports or other restricted areas such as prisons, these mechanisms could also be overridden."
The team also figured out a way to reverse-engineer the drones' firmware and the radio signals, allowing them to pinpoint the location of the drone and the pilot.
DJI closed all 16 vulnerabilities before the security researchers made their findings public.