DJI , Drone maker accused of Security breach
Photo credits: GETTY IMAGES |
DJI, Drone maker has accused a cyber-security researcher of hacking its servers.
Kevin Finisterre claims that he accessed confidential customer data after finding a private key publicly posted on code-sharing site Github.
He approached the firm, which offers a "bug bounty" reward of up to $30,000 (£23,000) for security weaknesses discovered in its systems.
DJI said the server access was "unauthorised".
The data Mr Finisterre was able to see included "unencrypted flight logs, passports, drivers licences and identification cards", he said.
Despite initially offering him the money, in a statement DJI has now accused Mr Finisterre of refusing to agree to the terms of its bug bounty programme "which are designed to protect confidential data and allow time for analysis and resolution of a vulnerability before it is publicly disclosed".
According to him "DJI takes data security extremely seriously, and will continue to improve its products thanks to researchers who responsibly discover and disclose issues that may affect the security of DJI user data and DJI's products."
Comments
Post a Comment