This shows you the differences between two versions of the page.
about:start [2017/08/25 10:13] czokie [Back Doors] |
about:start [2017/09/14 03:42] (current) czokie [The OG's (Original Gangsters)] |
||
---|---|---|---|
Line 31: | Line 31: | ||
* DJI have agreed to create an offline mode.((China drone maker steps up security after U.S. Army ban [[https:// | * DJI have agreed to create an offline mode.((China drone maker steps up security after U.S. Army ban [[https:// | ||
* **Offline mode is seen as a very positive step. Further comments by DJI on communications in flight when not in offline mode would greatly help to restore trust by DJI clients.** | * **Offline mode is seen as a very positive step. Further comments by DJI on communications in flight when not in offline mode would greatly help to restore trust by DJI clients.** | ||
+ | * **DJI have [[http:// | ||
===== Back Doors ===== | ===== Back Doors ===== | ||
* It has been found that the DJI GO application for both Android and IOS have back-doors allowing DJI to "hot patch" applications in a manner that breaches the rules imposed on DJI by both Google and Apple. ((Drone-maker DJI's Go app contains naughty Javascript hot-patching framework[[http:// | * It has been found that the DJI GO application for both Android and IOS have back-doors allowing DJI to "hot patch" applications in a manner that breaches the rules imposed on DJI by both Google and Apple. ((Drone-maker DJI's Go app contains naughty Javascript hot-patching framework[[http:// | ||
* The practice of hot patching essentially allows DJI to totally change the functionality of the DJI go application without the knowledge or consent of a pilot. | * The practice of hot patching essentially allows DJI to totally change the functionality of the DJI go application without the knowledge or consent of a pilot. | ||
* Putting this into a different context, hot patching is the equivalent of the avionics software of an aircraft being totally replaced mid flight. | * Putting this into a different context, hot patching is the equivalent of the avionics software of an aircraft being totally replaced mid flight. | ||
- | * **DJI have held true to their word on this point. Analysis so far confirms the removal of JSPatch and Tinker from recent DJI GO updates** | + | * **DJI have held true to their word on this point. Analysis so far confirms the removal of JSPatch and Tinker from recent DJI GO updates.** |
+ | * While not technically a back-door, being forced into firmware changes is a concern. An alternate approach might be to guarantee that there are at least two firmware versions available for all products, so that in the event of concerns that are believed to be firmware related, that a pilot will at least have the chance to eliminate firmware as the root cause by downgrading to a different firmware level. | ||
+ | * From a change management and risk mitigation perspective, | ||
===== Censorship ===== | ===== Censorship ===== | ||
* In DJI forums, it is against the rules to criticise DJI, or to talk about reverse engineering of DJI software. ((Threads | * In DJI forums, it is against the rules to criticise DJI, or to talk about reverse engineering of DJI software. ((Threads | ||
* In third party forums sponsored by DJI, similar censorship is taking place for those that discuss topics that are not endorsed by DJI. | * In third party forums sponsored by DJI, similar censorship is taking place for those that discuss topics that are not endorsed by DJI. | ||
+ | * **DJI have recently removed their "NO UNAUTH MODIFICATIONS" | ||
===== Safety ===== | ===== Safety ===== | ||
* DJI has recently rushing out multiple updates and patches to prevent reverse engineering. | * DJI has recently rushing out multiple updates and patches to prevent reverse engineering. | ||
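Review bot: the bolded Back Doors statement that "Analysis so far confirms the removal of JSPatch and Tinker from recent DJI GO updates" has no footnote, unlike the hot-patching claim above it, and this revision only adds a full stop to it. A ((...)) reference naming the DJI GO versions and platforms that were analysed would let readers check the claim and see when it was last true. Separately, the new bullet that opens "While not technically a back-door, being forced into firmware changes is a concern" sits under the Back Doors heading while saying it is not one; it would read better under Safety or a heading of its own, and the doubled "that" in "so that in the event of concerns ..., that a pilot will" should be reduced to one.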
Line 75: | Line 79: | ||
^[[https:// | ^[[https:// | ||
^[[https:// | ^[[https:// | ||
+ | ^[[https:// |