Drone manufacturer DJI is paying a bug bounty of up to $30,000 for users who discover security issues with their products.
It’s been quite a shaky month for DJI in terms of PR. A few weeks ago, a US Army memo became public stating they would cease use of all DJI products and software due to potential security issues. Shortly thereafter, DJI released a new stealth mode that mutes all connections between devices and DJI servers. Coincidence?
The US Army memo that called for a cease of use of DJI products.
Now, DJI are stepping up their security concerns even more with the introduction of the Threat Identification Reward Program, an incentive to cooperate with users and researchers in finding potential security issues with their software.
This bug bounty will primarily be looking at potential threats regarding infringing on private user data such as personal information, flight logs and details regarding captured photos and video. On the DJI side of things, the company will be looking to gather information to avoid app crashing and improve flight safety, including data connected to geofencing, altitude limits and power warnings.
Depending on the severity of the threats found, DJI will be paying out anywhere between $100 and $30,000. A dedicated website is currently under development where you will be able to report potential threats, but in the meantime you can direct your findings to bugbounty@dji.com.
If you’re a white-hat kind of hacker, this bug bounty program could be a good opportunity to cash in on your technical expertise and willingness to help. For more information, check out the official press release HERE.
Have you found any potential issues you will be reporting to DJI? Feel free to share in the comments section below.
