Security Analysts Reverse-Engineered A Chinese-Made DJI Drone App And Found The Ability To Spy On Users
Hotair
| 07/24/2020
| John Sexton
Posted on 07/24/2020 8:17:44 PM PDT by SeekAndFind
Recently two different security firms were hired to reverse-engineer and analyze DJI drone software available for use on Android devices. DJI is one of the largest drone manufacturers in the world and is based in China. What the analysts found were features hidden in the software that send a bunch of technical information back to Chinese servers, most of it information that has no connection to flying drones. As Ars Technica reports, the worst-case scenario here is that the app is spying on users:
Two weeks ago, security firm Synacktiv reverse-engineered the app. On Thursday, fellow security firm Grimm published the results of its own independent analysis. At a minimum, both found that the app skirted Google terms and that, until recently, the app covertly collected a wide array of sensitive user data and sent it to servers located in mainland China. A worst-case scenario is that developers are abusing hard-to-identify features to spy on users.
According to the reports, the suspicious behaviors include:
- The ability to download and install any application of the developers' choice through either a self-update feature or a dedicated installer in a software development kit provided by China-based social media platform Weibo. Both features could download code outside of Play, in violation of Google's terms.
- A recently removed component that collected a wealth of phone data including IMEI, IMSI, carrier name, SIM serial number, SD card information, OS language, kernel version, screen size and brightness, wireless network name, address and MAC, and Bluetooth addresses. These details and more were sent to MobTech, maker of a software developer kit used until the most recent release of the app.
- Automatic restarts whenever a user swiped the app to close it. The restarts cause the app to run in the background and continue to make network requests.
- Advanced obfuscation techniques that make third-party analysis of the app time-consuming.
A lot of the phone data the app was collecting is Greek to me but here's what security firm Synacktiv said about the IMSI data:
The MobTech component embedded in recent versions of the DJI Android GO 4 application collects personal data such as IMSI, IMEI, the serial number of the SIM card, etc. This data is not relevant or necessary for drone flights and goes beyond DJI's privacy policy. For example, IMSI is used by cellular network operators. These sensitive, unique, persistent data identifiers can be used by intelligence agencies or malicious people to later track individuals or eavesdrop on communications.
I can't think of any innocent reasons why DJI would be collecting this data but I can think of a very clear reason why the Chinese government might order them to do it. Grimm research was hired to validate the findings by Synacktiv and wrote this about the possible worst-case scenario:
In the worst case, these features can be used to target specific users with malicious updates or applications that could be used to exploit the user's phone. Given the amount of users' information retrieved from their device, DJI or Weibo would easily be able to identify specific targets of interest. The next step in exploiting these targets would be to suggest a new application (via the Weibo SDK) or update the DJI application with a customized version built specifically to exploit their device. Once their device has been exploited, it could be used to gather additional information from the phone, track the user via the phone's various sensors, or be used as a springboard to attack other devices on the phone's WiFi network. This targeting system would allow an attacker to be much stealthier with their exploitation, rather than much noisier techniques, such as exploiting all devices visiting a website.
DJI has published a lengthy response to these findings which attempts to explain the reason for these features. Some of their explanations sound reasonable to me but a couple of them are a bit shaky. For instance, why does the software automatically restart itself when it is shut down by the user? Here's DJI's response:
DJI GO 4 is not able to restart itself without input from the user, and we are investigating why these researchers claim it did so. We have not been able to replicate this behavior in our tests so far.
For comparison, here's what Grimm said about that:
As described in Synacktiv's report, when a user attempts to close the app, it restarts itself in the background. As such, the app can only be killed through the Android Force Stop option, as it will be restarted if closed via the normal Android swipe close gesture. While the app is in the background, it accesses the device's location. It is unknown what is done with the location the device collects.
And what does DJI have to say about the collection of all that personal phone data like IMSI?
The MobTech and Bugly components identified in these reports were previously removed from DJI flight control apps after earlier researchers identified potential security flaws in them. Again, there is no evidence they were ever exploited, and they were not used in DJI's flight control systems for government and professional customers.
It's true those components were recently removed but that's not much consolation for the million-plus users who installed the earlier versions. Also, calling the intentional collection of this data a potential security flaw seems to downplay it quite a bit. The data was being collected.
Also, what does it matter that this data collection only happened on the company's consumer products? China is well known to be interested in collecting data on ordinary Americans. It was behind the Equifax hack in 2017 and the OPM hack in 2015. So saying the app was only collecting data on consumers means nothing. China has been doing this for years.
Ars Technica notes that the US Army banned the use of DJI drones in 2017.
TOPICS: Culture/Society; Foreign Affairs; News/Current Events
KEYWORDS: china; drone; reverseengineer; spying
To: SeekAndFind
2 posted on 07/24/2020 8:22:29 PM PDT by Inyo-Mono
To: Swordmaker; dayglored
Ping for insights. Hype or genuine risk?
3 posted on 07/24/2020 8:24:48 PM PDT by Zhang Fei (My dad had a Delta 88. That was a car. It was like driving your living room.)
To: SeekAndFind
IMEI stands for International Mobile Equipment Identity. Every mobile phone (and now the mobile hotspot dongles) is assigned a unique IMEI number, which is printed on the inside, usually behind the battery pack. They are 15 digits in length. The phone makers allocate unique IMEI numbers to every phone, and these numbers remain unchanged once registered for the rest of its life. So even if you travel to other countries, the telecom operators can identify the home country of the phone's sale and registration.
IMSI stands for International Mobile Subscriber Identity. The telecom company assigns a unique number assigned to the SIM card that they issue to their subscribers. The IMSI numbers are 15 digits long (not always though) and can be used to find the subscriber's country and mobile network, among other SIM-related details. It is tied to the SIM card rather than the phone itself.
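As an added illustration of what those identifier fields look like when they leave the phone in an analytics payload, the following Python (written for this thread, not code from Synacktiv, Grimm, DJI or any poster) tags the fields of a constructed outbound JSON record that carry a persistent subscriber or device identifier. The sample values and the mobile-country-code table are made up; only the structural rules (15-digit IMEI with a Luhn check digit, IMSI leading with a mobile country code, SIM serial starting with 89) are real.

```python
import json
import re
from typing import Dict, Optional

# Constructed sample of an outbound analytics payload in the shape the reports
# describe (phone identifiers mixed in with harmless device facts).
SAMPLE_PAYLOAD = json.dumps({
    "imei": "490154203237518",            # Luhn-valid 15-digit IMEI (textbook example value)
    "imsi": "310150123456789",            # MCC 310 (US) + MNC 150 + subscriber number
    "sim_serial": "8901260123456789012",  # ICCID: 19 digits, ITU E.118 prefix 89
    "carrier": "ExampleCell",
    "os_lang": "en_US",
    "screen": "1080x2340",
})

# Constructed subset of mobile country codes; a real check would load the full table.
MCC_COUNTRY = {"310": "US", "460": "CN", "262": "DE"}


def luhn_ok(digits: str) -> bool:
    """IMEIs end in a Luhn check digit computed over all 15 digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right, fold >9 back to one digit
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def classify(value: str) -> Optional[str]:
    """Tag a field value as 'imei', 'imsi', 'iccid', or None if it looks harmless."""
    if re.fullmatch(r"89\d{17,18}", value):  # SIM serial (ICCID) is 19-20 digits starting 89
        return "iccid"
    if not re.fullmatch(r"\d{15}", value):
        return None
    if luhn_ok(value):  # about 1 in 10 IMSIs also pass Luhn; flagging either is the point
        return "imei"
    if value[:3] in MCC_COUNTRY:  # IMSI starts with a mobile country code
        return "imsi"
    return None


def find_identifiers(payload: str) -> Dict[str, str]:
    """Map each JSON field carrying a persistent subscriber/device ID to its kind."""
    return {k: kind for k, v in json.loads(payload).items()
            if (kind := classify(str(v))) is not None}
```

Run over captured app traffic, a map like this tells you which fields are the ones the posts above are worried about; the carrier name, language and screen size are not.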
To: Zhang Fei; Swordmaker
I suspect a little of both hype and risk. I don't trust the Chinese, but frankly I don't trust anybody whose software isn't open source, with very few exceptions.
I generally trust Apple's proprietary software because many years of experience demonstrate that they generally tell the truth, and their claims hold up under scrutiny. But this case isn't Apple, it's Google and China.
I assume all other proprietary software is out to get me. I'm rarely wrong about that. :-)
5 posted on 07/24/2020 9:49:56 PM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
To: SeekAndFind
And Tik Tok is only for chatting, not facial recognition, data mining, trojan downloading. And the same for Zoom.
6 posted on 07/24/2020 10:01:09 PM PDT by VanShuyten ("...that all the donkeys were dead. I know nothing as to the fate of the less valuable animals.")
To: SeekAndFind
WOW!
Thanks for posting. I’m glad I built my own drone, and hope that the open-source flight controller software I use isn’t similarly intrusive.
To: LegendHasIt
Can you freepmail your resources to me? My dear hubby loves his drones and this Dji spy is something I heard before.
8 posted on 07/25/2020 2:43:12 AM PDT by momincombatboots (Ephesians 6... who you are really at war with)
To: dayglored
Apple operating systems are based on UNIX. Yes it is their own modified version of UNIX yet the open systems architecture feature is still there. This means ease of modification at the OS level to control IO routines and data management. This is one of the reasons Apple does not allow users command prompt access like Microsoft’s operating systems have done. Unfortunately, just because the average layman user cannot figure out how to get down to the Apple OS does not mean a knowledgeable user will be deterred. I’ve always thought this is why laymen are utterly convinced Apple products are more safe and secure than any of Microsoft’s; pure fallacy. To those with skill and knowledge, they are both equally vulnerable. Now, licensed software developers for Android and iOS have to allegedly abide by both Google’s and Apple’s software requirements before they allow the software to run in their smartphone OSes. I will assume that the larger the demand for the software, the more ‘laissez-faire’ the OS owners are in corroborating that second party code developers are adhering to the OS owner rules. This is a business decision while knowing the risk of potentially damaging their brand. Compound this with both Apple’s and Google’s business interests in and with China and you likely have a free pass for China-made software with little scrutiny. If discovered, both Google and Apple can always claim being bamboozled by those ‘waskily’ Chinese; move on, nothing to see here, and the Chinese learn how to better hide their stuff. I write this without any actual proof yet much circumstantial evidence and knowing the big tech companies (as does Hollywood but that is another story) see China as their next big market to sell their wares and make more money. What these dolts do not realize is the Chinese will copy their products and push them out of the market by underselling them; hello HUAWEI/ZTE. Along the way, Americans get hooked on Chinese connected apps like Tik Tok & Zoom.
Oh, read this about Zoom despite being labeled an ‘American’ business (https://techcrunch.com/2020/04/03/zoom-calls-routed-china/); hello Eric Yuan. Meanwhile China spies on the US via its software and electronics. One more thing, I know it is a whole lot of data coming in through these apps to go through and find the golden nuggets of worthy intelligence. Hence China’s push for AI, supercomputers and the city of Shenzhen (tech super city). Apologies for being a bit long and ‘ranty’.
Regards.
9 posted on 07/25/2020 4:52:17 AM PDT by Sine_Pari
To: Sine_Pari; Swordmaker
> Apple operating systems are based on UNIX. Yes it is their own modified version of UNIX yet the open systems architecture feature is still there. This means ease of modification at the OS level to control IO routines and data management.
Yep. FreeBSD. Pretty highly modified, yet not so much so that you can't run a lot of the standard FreeBSD software, if you're so inclined.
> This is one of the reasons Apple does not allow users command prompt access like Microsoft's operating systems have done.
Not at all true. The Terminal app, a utility tool supplied with MacOS since the very beginning, is a standard command prompt access program, using the Bash (or your choice) shell. In addition, SSH (Secure Shell) is also supplied, which permits command line access over the network.
In fact I use command line shell access, via Terminal or SSH, pretty much every day on my Mac systems. It's like having a Unix server, in addition to the MacOS GUI desktop.
And for those (like me) who wish to run X11 based software such as xterm (another command line shell access program), there are third party X11 packages.
> Unfortunately, just because the average layman user cannot figure out how to get down to the Apple OS does not mean a knowledgeable user will be deterred. I've always thought this is why laymen are utterly convinced Apple products are more safe and secure than any of Microsoft's; pure fallacy.
It's not pure fallacy; for decades, MacOS was demonstrably more safe and secure than Windows. But in the last 5 years or so, Windows has caught up to MacOS in terms of security, at the operating system level. That's why you don't hear as much about autonomous viruses as you did, say, 10 years ago. As long as it's still based on the NT kernel, Windows can never be as stable and straightforward as Unix or Linux, but it's okay these days.
All OS software has flaws, mistakes, vulnerabilities. They have to get patched. Computer OSes are no different from any other complex system in that respect: nothing is perfect, and no software vendor claims their OS software is flawless in that regard.
Nowadays, the major unsafe, insecure element in any computer system is the operator. The USER is where most of the malware attacks strike. Depending on the OS to protect you is only part of a good defense against malware. Safe computer practices on the part of the user are more essential now than ever.
10 posted on 07/25/2020 7:39:01 AM PDT by dayglored ("Listen. Strange women lying in ponds distributing swords is no basis for a system of government.")
To: Zhang Fei
> Ping for insights. Hype or genuine risk?
Very real. . . don't use this.
11 posted on 07/25/2020 9:05:34 AM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplophobe bigot!)
To: Sine_Pari; dayglored
> Apple operating systems are based on UNIX. Yes it is their own modified version of UNIX yet the open systems architecture feature is still there.
Actually not true. Apple MacOS is a certified and trademarked POSIX UNIX, and in fact the largest selling UNIX in the world. It will run every UNIX application you can imagine. MacOS is a shell that runs on top of the underlying UNIX.
> This is one of the reasons Apple does not allow users command prompt access like Microsoft's operating systems have done. Unfortunately, just because the average layman user cannot figure out how to get down to the Apple OS does not mean a knowledgeable user will be deterred.
Also not true. . . The Mac UNIX Terminal is just one combined COMMAND T keystroke away, or a click on the Drop Down menu/Terminal option. This brings up the Terminal App in a window and a full command line UNIX is available. It will require a SUPER USER password which requires the User to either know or create to access all UNIX commands, but they are available. The user has complete control of the underlying UNIX OS and all UNIX features.
Apple is also one of the largest contributors to the open standard software standards. It developed, owns, and maintains CUPS, the common printing system for all UNIX, Linux, and Android systems, for example, making it available for all comers to use and assures that modifications adhere to the standards. Yet, the UNIX Apple uses and CUPS are open source. Anyone can examine the source code to assure that there's nothing hidden in it and it's updated to make it tighter and more secure. THAT'S WHY Macs really are more secure.
12 posted on 07/25/2020 9:24:14 AM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplophobe bigot!)
To: dayglored; Sine_Pari
> All OS software has flaws, mistakes, vulnerabilities. They have to get patched. Computer OSes are no different from any other complex system in that respect: nothing is perfect, and no software vendor claims their OS software is flawless in that regard.
Absolutely true. . . Some are better than others due to good original design, trial by fire over a long period on the technical battlefield, or the oversight of many critical eyes. Apple has had the benefit of all that. . . And that process continues. Each change introduces new opportunities for error which needs to have it all tested again.
Apple also doesn't rely on third-party paste-on security for protecting the user against himself. It's built into the operating system at a very low level, not as an app that runs along with others, but part of the OS.
13 posted on 07/25/2020 9:38:44 AM PDT by Swordmaker (My pistol self-identifies as an iPad, so you must accept it in gun-free zones, you hoplophobe bigot!)