wiredmikey writes from a report via SecurityWeek: A vulnerability in systems operated by Da Jiang Innovations (DJI) — the world’s largest drone manufacturer — allowed anybody in the world to have full access to a drone user’s DJI account. A successful attacker would be able to obtain cloud-based flight records, stored photographs, user PII including credit card details — and a real-time view from the drone’s camera and microphone. Check Point Researchers (who discovered and reported the vulnerability) told SecurityWeek, “The vulnerability is a unique opportunity for malicious actors to gain priceless information — you have an eye in the sky. Organizations are moving towards automated flights, sometimes with dozens of drones patrolling across sensitive facilities. With this vulnerability you could take over the accounts and see and hear everything that the drones see or hear. This is a huge opportunity for malicious actors.”
Read more of this story at Slashdot.