This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
cn:about:start [2018/05/15 00:37] chinger1313 [Data Leakage] |
cn:about:start [2018/05/15 00:39] chinger1313 [Back Doors] |
||
---|---|---|---|
Line 26: | Line 26: | ||
* DJI使用开源软件组件而不承认作者的贡献,并且不遵守GPL许可条件。除了不合法之外,使用别人的工作而不相信它,或遵守他们的许可条件是不道德的。更新: | * DJI使用开源软件组件而不承认作者的贡献,并且不遵守GPL许可条件。除了不合法之外,使用别人的工作而不相信它,或遵守他们的许可条件是不道德的。更新: | ||
到目前为止,根据分析,已经确定比先前披露的更多的信息正在对外传播。7)DJI已经同意创建一个离线的mode.8,但是DJI并没有公开在离线模式下发送的数据。离线模式被认为是非常积极的一步。DJI在非脱机模式下对通信的进一步评论将极大地帮助DJI客户恢复信任。DJI已经删除了iOS和Tinker的热补丁插件jsPatch,并将检查DJI GO和DJI GO 4的其他第三方插件和服务,并承诺在采取这些插件之前对任何新的第三方插件进行彻底的调查,以应对这里提出的安全问题。 | 到目前为止,根据分析,已经确定比先前披露的更多的信息正在对外传播。7)DJI已经同意创建一个离线的mode.8,但是DJI并没有公开在离线模式下发送的数据。离线模式被认为是非常积极的一步。DJI在非脱机模式下对通信的进一步评论将极大地帮助DJI客户恢复信任。DJI已经删除了iOS和Tinker的热补丁插件jsPatch,并将检查DJI GO和DJI GO 4的其他第三方插件和服务,并承诺在采取这些插件之前对任何新的第三方插件进行彻底的调查,以应对这里提出的安全问题。 | ||
+ | |||
===== Data Leakage ===== | ===== Data Leakage ===== | ||
* Based on analysis so far, it has been determined that more information than has been previously disclosed is being transmitted externally. ((A video of network chatter from just opening DJI GO 4 is published | * Based on analysis so far, it has been determined that more information than has been previously disclosed is being transmitted externally. ((A video of network chatter from just opening DJI GO 4 is published | ||
* DJI have agreed to create an offline mode.((China drone maker steps up security after U.S. Army ban [[https:// | * DJI have agreed to create an offline mode.((China drone maker steps up security after U.S. Army ban [[https:// | ||
* **Offline mode is seen as a very positive step. Further comments by DJI on communications in flight when not in offline mode would greatly help to restore trust by DJI clients.** | * **Offline mode is seen as a very positive step. Further comments by DJI on communications in flight when not in offline mode would greatly help to restore trust by DJI clients.** | ||
- | * **DJI have [[http:// | + | * **DJI have [[http:// |
===== Back Doors ===== | ===== Back Doors ===== | ||
* It has been found that the DJI GO application for both Android and IOS have back-doors allowing DJI to "hot patch" applications in a manner that breaches the rules imposed on DJI by both Google and Apple. ((Drone-maker DJI's Go app contains naughty Javascript hot-patching framework[[http:// | * It has been found that the DJI GO application for both Android and IOS have back-doors allowing DJI to "hot patch" applications in a manner that breaches the rules imposed on DJI by both Google and Apple. ((Drone-maker DJI's Go app contains naughty Javascript hot-patching framework[[http:// | ||
Line 38: | Line 39: | ||
* While not technically a back-door, being forced into firmware changes is a concern. An alternate approach might be to guarantee that there are at least two firmware versions available for all products, so that in the event of concerns that are believed to be firmware related, that a pilot will at least have the chance to eliminate firmware as the root cause by downgrading to a different firmware level. | * While not technically a back-door, being forced into firmware changes is a concern. An alternate approach might be to guarantee that there are at least two firmware versions available for all products, so that in the event of concerns that are believed to be firmware related, that a pilot will at least have the chance to eliminate firmware as the root cause by downgrading to a different firmware level. | ||
* From a change management and risk mitigation perspective, | * From a change management and risk mitigation perspective, | ||
+ | * 人们已经发现, | ||
===== Censorship ===== | ===== Censorship ===== | ||
* In DJI forums, it is against the rules to criticise DJI, or to talk about reverse engineering of DJI software. ((Threads | * In DJI forums, it is against the rules to criticise DJI, or to talk about reverse engineering of DJI software. ((Threads |