DJI offers hackers up to $30,000 to help find bugs in its drones

DJI Spark best drones under $500
DJI, the popular Chinese drone manufacturer, is asking hackers to help make its devices more secure. The company announced the DJI Threat Identification Reward in a blog post on Monday and outlined the rewards, which range from $100 to $30,000 for uncovering vulnerabilities, depending on how big of a threat the hacker helps avert.

“Security researchers, academic scholars and independent experts often provide a valuable service by analyzing the code in DJI’s apps and other software products and bringing concerns to public attention,” Walter Stockwell, DJI’s director of technical standards, said in a statement. “DJI wants to learn from their experiences as we constantly strive to improve our products, and we are willing to pay rewards for the discoveries they make.”

The announcement comes as DJI has been grappling with threats from hackers, who have managed to infiltrate the drone’s software. Such bugs and exploits have so far allowed hackers to root the drones to get around built-in restrictions on flying speed and altitude. Some have even managed to circumvent geofences, which keep them grounded around no-fly areas, such as near airports.

The company says its new program is part of an effort to address concerns about the security of its products.

“We want to engage with the research community and respond to their reasonable concerns with a common goal of cooperation and improvement,” Stockwell said. “We value input from researchers into our products who believe in our mission to enable customers to use DJI products that are stable, reliable and trustworthy.”

DJI is now developing a website with complete details about the program’s terms and a form through which hackers can report vulnerabilities. The program will be accompanied by an internal review process to evaluate and approve new app software.

It is unclear whether the hacker community will take the bait and join DJI in its quest to find bugs. Some are skeptical about DJIs intentions. In an online conversation with Motherboard, Andreas Makris — who goes by the hacker name bin4ry, said, “I think bug bounty programs are a good thing in general but I find it funny that DJI, who did not care for security concerns of the community, now comes up with a bug bounty program.”

Editors' Recommendations