| Both sides previous revision
Previous revision
Next revision
|
Previous revision
|
faq:dataleakage [2017/08/10 01:50]
czokie [[ Network Chatter ] |
faq:dataleakage [2017/08/27 03:39] (current)
czokie ↷ Links adapted because of a move operation |
| ====== DJI Data Leakage ====== | ====== DJI Data Leakage ====== |
| |
| This page will contain examples of where information "leaks" in ways that is unexpected to DJI consumers. Note also another page that will contain information on the [[tos|terms of service]] that are accepted as part of using the DJI ecosystem. | This page will contain examples of where information "leaks" in ways that is unexpected to DJI consumers. Note also another page that will contain information on the [[.tos:start|terms of service]] that are accepted as part of using the DJI ecosystem. |
| |
| |
| ===== Hot Patching - Back-door found in DJI GO ===== | ===== Hot Patching - Back-door found in DJI GO ===== |
| One of the big no-go areas in an app development is the capability for an app to modify its code after deployment. If an app is able to modify itself, it will be able to bypass the rules that govern acceptance into an App Store. For example, Apple has recently [[https://www.theregister.co.uk/2017/03/09/apple_burns_bridge_for_hot_patching/|warned developers]] that hot patch capabilities are grounds for apps getting banned. The [[https://play.google.com/intl/ALL_fr/about/developer-content-policy-print/|Google policy]] says that an app"//may not modify, replace, or update itself using any method other than Google Play’s update mechanism//". | One of the big no-go areas in an app development is the capability for an app to modify its code after deployment. If an app is able to modify itself, it will be able to bypass the rules that govern acceptance into an App Store. For example, Apple has recently [[https://www.theregister.co.uk/2017/03/09/apple_burns_bridge_for_hot_patching/|warned developers]] that hot patch capabilities are grounds for apps getting banned. The [[https://play.google.com/intl/ALL_fr/about/developer-content-policy-print/|Google policy]] says that an app"//may not modify, replace, or update itself using any method other than Google Play’s update mechanism//". |
| | |
| | ==== Android Tinker ==== |
| |
| Security Researchers have [[https://www.rcgroups.com/forums/showthread.php?2911378-DJI-Dashboard-Modding-tips-tricks-and-results-OFFICIAL-THREAD/page172|uncovered the use of "tinker"]] within the DJI GO application. "[[https://github.com/Tencent/tinker|Tinker is a hot-fix solution library for Android, it supports dex, library and resources update without reinstalling apk]]." Again, the [[https://play.google.com/intl/ALL_fr/about/developer-content-policy-print/|Google policy]] states: "//Likewise, an app may not download executable code (e.g. dex, JAR, .so files) from a source other than Google Play//" | Security Researchers have [[https://www.rcgroups.com/forums/showthread.php?2911378-DJI-Dashboard-Modding-tips-tricks-and-results-OFFICIAL-THREAD/page172|uncovered the use of "tinker"]] within the DJI GO application. "[[https://github.com/Tencent/tinker|Tinker is a hot-fix solution library for Android, it supports dex, library and resources update without reinstalling apk]]." Again, the [[https://play.google.com/intl/ALL_fr/about/developer-content-policy-print/|Google policy]] states: "//Likewise, an app may not download executable code (e.g. dex, JAR, .so files) from a source other than Google Play//" |
| |
| DJI representatives initially claimed "//this has never been used in production//". DJI acknowledge this functionality is not permitted by google policy, and [[https://www.rcgroups.com/forums/showpost.php?p=38060360|they would not use this in a public setting]]. | ==== IOS JSPatch ==== |
| | |
| | Before IOS users start to feel confident about their choice, the news on IOS is not much better. IOS APK's have been found to contain JSPatch as an alternative to Tinker. According to [[https://www.fireeye.com/blog/threat-research/2016/01/hot_or_not_the_bene.html|fireeye research]] on the topic, the use of this technique can "//expose a similar attack vector that allows patching scripts to alter the app behavior at runtime, without the constraints imposed by the App Store’s vetting process.//" The research also states, "//malicious behavior can be temporary, dynamic, stealthy, and evasive. Such an attack, when in place, will pose a big risk to all stakeholders involved.//" |
| | |
| | As stated above, [[https://www.theregister.co.uk/2017/03/09/apple_burns_bridge_for_hot_patching/|using hot patching frameworks that doing so violates its rules.]] |
| | ==== The Response ==== |
| | |
| | DJI representatives initially claimed that hot patching "//has never been used in production//". DJI acknowledge this functionality is not permitted, and [[https://www.rcgroups.com/forums/showpost.php?p=38060360|they would not use this in a public setting]]. |
| |
| Regardless of the denial by DJI, you don't put a back door in your code for no good reason. | Regardless of the denial by DJI, you don't put a back door in your code for no good reason. |
| |
| DJI have subsequently advised: //"[[https://www.rcgroups.com/forums/showpost.php?p=38061281|The Tinker issue is being addressed. We have never used it as a company. It should be removed with the next revision]].//" | DJI have subsequently advised that the issue: //"[[https://www.rcgroups.com/forums/showpost.php?p=38061281|The is being addressed. We have never used it as a company. It should be removed with the next revision]].//" |
| |
| These findings do paint a sinister story. The capability to dynamically change the software on your device to do anything you likeis like opening up Aladdin's cave. Apps could be dynamically modified to allow access to anything that the DJI go app has permission to access. That would include all access to all vision, all telemetry, and all flight logs. At its worst, this could include a command to "bring down" a drone being used for military purposes. This is the whole pandora's box, and explains why the US Army have ordered the removal of all DJI software from Army devices. | These findings do paint a sinister story. The capability to dynamically change the software on your device to do anything you likeis like opening up Aladdin's cave. Apps could be dynamically modified to allow access to anything that the DJI go app has permission to access. That would include all access to all vision, all telemetry, and all flight logs. At its worst, this could include a command to "bring down" a drone being used for military purposes. This is the whole pandora's box, and explains why the US Army have ordered the removal of all DJI software from Army devices. |
| ===== Network Chatter ===== | ===== Network Chatter ===== |
| [[.:dataleakage/chatter|Details on some network analysis can be found here]] | [[.:dataleakage/chatter|Details on some network analysis can be found here]] |
| |
| |
