Bug Bounty

Chinese drone maker DJI announced the launch of its ‘Bug Bounty’ program on Monday. The program aims to reward hackers and researchers for finding vulnerabilities and bugs within DJI’s devices and software.

The DJI Threat Identification Reward Program is part of DJI’s commitment to work together with researchers and hackers to discover and rectify issues that can affect the security of DJI’s software. The program comes in response to the widely reported ban placed by the U.S. Army, which cited “cyber vulnerabilities” attributed to DJI drones. The ban led DJI to immediately update its app with an offline mode that prevents data from being downloaded from or uploaded to the internet.

DJI will also be implementing its new multi-step internal approval process for evaluating and reviewing its new app software prior to release to ensure its stability, security and reliability.

DJI is still designing rules and conditions around this program but says it will pay monetary rewards ranging from $100 to $30,000 for solving bugs; the size of the reward depends on the impact level of the threat. DJI is building a website containing the program details and a standardised form for reporting potential threats related to DJI’s software or hardware. Starting from 28th onward, bug reports can be sent directly to [email protected]

DJI also said on Monday that it had updated its DJI GO and DJI GO 4 apps to remove third-party components such as JPush that collected unnecessary amounts of data and sent it over the internet. DJI’s software security team and external researchers have recently discovered that JPush collected excessive packets of data, which included a list of apps installed on the user’s device, and sent them to JPush’s server. DJI states that it never accessed this data, nor did it ever authorise or permit the collection or transmission of such data.

This is not the first time DJI has offered a bounty. Earlier in April, DJI promised to offer a bounty of $195,000 to individuals who could provide information on the operator(s) behind the drones responsible for the flight disruptions that shut down operations at a Chinese airport.

According to DJI, the main motive for creating this program is to identify threats to the private data of users, videos, and logs. Furthermore, DJI is looking at issues that could result in flight safety concerns, as well as issues involving the DJI app’s geofencing restrictions and flight altitude limits.

Last month, the DJI Spark, the company’s smallest drone, made headlines when it was discovered that a software bug caused the drones to fall from the sky. DJI later issued a software update for the DJI Spark this month, alerting users that the drones can no longer fly without it.