DJI Firmware Hacking Removes Drone Flight Restrictions

Outsmart Malicious Hackers


Drones have been taking over the world, everyone with a passing interest in making videos has one and DJI firmware hacking gives you the ability to remove all restrictions (no-fly zones, height and distance) which under most jurisdictions is illegal (mostly EU and FAA for the US).

DJI Firmware Hacking Removes Drone Flight Restrictions

It’s an interesting subject, and also a controversial one as people are worried that it could cause a drone to collide with a passenger plane (although in all honestly, I’m not sure how much damage a 1kg drone would do – some geese are much heavier).

Drone hackers in the UK are busy at work exploiting the application security shortcomings of a major manufacturer to circumvent restrictions, including flight elevation limits. DJI says it has pushed out a firmware update to nip the problem in the bud, but one expert The Register spoke to maintains that hacking is still possible.

The potential for drone hacking can be traced back to a mistake made by DJI in leaving development debug code in its Assistant 2 application. Changes could be made by commenting out one line in a file and setting the debug flag from false to true. The shortcoming exposed a full range of parameters that enabled hackers to turn off safeguards.

“It’s looks like ‪#DJI‬’s ‪#Spark‬ was jailbroken due to poor app security? Leaving dev code & passwords in the app was probably not a good idea,” UAVHive, a UK-based drone enthusiast community, said in a Twitter update.

Other DJI products – including the Phantom and Inspire 2 – have had the same jailbreak proven.


It seems DJI have left debugging code in the production app which enables hackers to change parameters via the DJI Assistant 2 application.

It’s also an act of hackers against DJI for limiting the behaviour of their drones, with many complaints of false positives on no-fly zones and the height restrictions being overly cautious.

DJI has been warned repeatedly since at least April, if not before, by Kevin Finisterre, a drone security expert, among others. Despite this, critics say DJI failed to act.

Concerns centre on the application security risks posed by the presence of DJI debug code in publicly released applications, something that creates a backdoor for hackers to meddle with the technology.

Recently numerous underground groups of drone users have sprung up and are collaborating on removing restrictions from their drones and even change performance parameters. For example, a Facebook group for drone enthusiasts included hackers in its ranks. A Slack group is even more active and seems to be where a lot of the actual effort is taking place, we’re told.

“The main focus of efforts is removing height restrictions with ongoing efforts to remove no-fly zones, there’s even secret groups of drone pilots now having height competitions to see who can push their drone’s performance the furthest,” a source told El Reg. “A lot of this extreme behaviour by DJI owners is a direct backlash at DJI for adding a range of restrictions including having to connect to their servers via the internet. Recently, for example, DJI’s infrastructure was down and users complained they were grounded as a result. The no-fly zone database has many false positives.”

With drones getting cheaper and more accessible (Like the DJI Spark), this is bound to happen more and more and I think there is a certain responsibility that lays with drone manufacturers to ensure their drones are safe from tampering.

What do you think? Yay or nay? Are the restrictions necessary, or can people generally make responsible decisions by themselves?

Source: The Register

Learn about Exploits/Vulnerabilities



Posted in: Exploits/Vulnerabilities, Hardware Hacking, Legal Issues

Latest Posts:


AWSBucketDump - AWS S3 Security Scanning Tool AWSBucketDump – AWS S3 Security Scanning Tool
AWSBucketDump is an AWS S3 Security Scanning Tool, which allows you to quickly enumerate AWS S3 buckets to look for interesting or confidential files.
nbtscan Download - NetBIOS Scanner For Windows & Linux nbtscan Download – NetBIOS Scanner For Windows & Linux
nbtscan is a command-line NetBIOS scanner for Windows that is SUPER fast, it scans for open NetBIOS nameservers on a local or remote TCP/IP network.
Equifax Data Breach - Hack Due To Missed Apache Patch Equifax Data Breach – Hack Due To Missed Apache Patch
The Equifax data breach is pretty huge with 143 million records leaked from the hack in the US alone with unknown more in Canada and the UK.
Seth - RDP Man In The Middle Attack Tool Seth – RDP Man In The Middle Attack Tool
Seth is an RDP Man In The Middle attack tool written in Python to MiTM RDP connections by attempting to downgrade the connection to extract clear text creds
dcrawl - Web Crawler For Unique Domains dcrawl – Web Crawler For Unique Domains
dcrawl is a simple, but smart, multithreaded web crawler for randomly gathering huge lists of unique domain names. It will branch out indefinitely.
Time Warner Hacked - AWS Config Exposes 4M Subscribers Time Warner Hacked – AWS Config Exposes 4M Subscribers
What's the latest on the web, Time Warner Hacked is what it's about now as a bad AWS S3 config (once again) exposes the details of approximately 4M subs.


8 Responses to Time Warner Hacked – AWS Config Exposes 4M Subscribers

  1. engineer September 7, 2017 at 9:36 pm #

    By default S3 buckets are not public.

    • Darknet September 7, 2017 at 9:59 pm #

      They used to be IIRC, but I could be wrong, well I guess more accurately the easiest way to get access to it programmatically is just to set it to public.

    • Engineer S September 10, 2017 at 10:09 pm #

      Yes, it had to be configured to be open to the web.  This story is not really about AWS.  It’s about bad IT controls and careless engineering.

      I wouldn’t even call this a hack, if it’s left open to the public.

  2. Alan M September 8, 2017 at 8:15 am #

    Broadsoft was responsible for exposing the Time Warner Cable (TWC) data. Time Warner (TC) is an entirely separate entity (TC does NOT = TWC).

    • Darknet September 8, 2017 at 3:48 pm #

      Hey thanks for that clarification Alan.

  3. Tracie September 8, 2017 at 8:17 pm #

    Also time Warner cable is no longer TWC . it is now spectrum.

  4. Ryan Dymek September 8, 2017 at 8:29 pm #

    Buckets have zero access beyond the creator. “Easiest way to grant access is to make it public”… that same statement applies to a cisco firewall in an onprem enterprise. And allow any rule is simple but terribly wrong. IAM or bucket policies are no more complex than any enterprise grade firewall. Lets not excuse the behavior of the admin due to ignorance.

    • Darknet September 8, 2017 at 9:22 pm #

      Not excusing it, just saying it happens that way, same reason by MongoDB worked out of the box with no auth and listening on every interface. Not ideal, but a lot of things are done in the name of ease and speed of deployment rather than looking at it with an eye on risk and the repercussions.

Leave a Reply