DJI offering up to $30,000 'bounty' to anyone who finds a critical software vulnerability
DJI is offering cash rewards to anyone who finds a significant bug in its software. The new bug bounty program offers financial incentives ranging from $100 to $30,000 in the hopes that researchers and users alike may find problems related to software security, flight safety, and app stability. The program follows a leaked military memo that ordered the US Army to cease its use of DJI products over unspecified 'cyber vulnerabilities.'
The alleged vulnerabilities cited by the military memo were found by the U.S. Army Research Lab and U.S. Navy, which ordered the U.S. Army to stop using 'all DJI products.' News of the order stirred concerns in the private sector over whether DJI's software was adequately protecting customers' data. Around the same time, DJI introduced an offline mode that allows operators to limit a drone's communications to just its controller.
DJI will soon launch a dedicated bug bounty website with a standardized form through which bug discoveries can be submitted. Until that time, the company advises individuals who have found a bug to report it to the 'firstname.lastname@example.org' email address. Only qualified bugs will result in rewards, and specific terms will be detailed on the upcoming bug bounty website.
DJI To Offer ‘Bug Bounty’ Rewards For Reporting Software Issues
Threat Identification Reward Program Will Address Software Concerns
August 28, 2017 – DJI, the world’s leader in civilian drones and aerial imaging technology, is establishing a “bug bounty” program to reward people who discover security issues with DJI software. The DJI Threat Identification Reward Program is part of an expanded commitment to work with researchers and others to responsibly discover, disclose and remediate issues that could affect the security of DJI’s software.
“Security researchers, academic scholars and independent experts often provide a valuable service by analyzing the code in DJI’s apps and other software products and bringing concerns to public attention,” said DJI Director of Technical Standards Walter Stockwell. “DJI wants to learn from their experiences as we constantly strive to improve our products, and we are willing to pay rewards for the discoveries they make.”
The DJI Threat Identification Reward Program aims to gather insights from researchers and others who discover issues that may create threats to the integrity of our users’ private data, such as their personal information or details of the photos, videos and flight logs they create. The program is also seeking issues that may cause app crashes or affect flight safety, such as DJI’s geofencing restrictions, flight altitude limits and power warnings.
Rewards for qualifying bugs will range from $100 to $30,000, depending on the potential impact of the threat. DJI is developing a website with full program terms and a standardized form for reporting potential threats related to DJI’s servers, apps or hardware. Starting today, bug reports can be sent to email@example.com for review by technical experts.
The DJI Threat Identification Reward Program is part of a renewed focus on addressing concerns about DJI product security, including new efforts to partner with security researchers and academics who have a common goal of trying to improve the security and stability of DJI products. DJI is also implementing a new multi-step internal approval process to review and evaluate new app software before it is released to ensure its security, reliability and stability.
DJI has not previously offered formal lines of communication about software issues to security researchers, many of whom have raised their concerns on social media or other forums when they could not determine how best to bring these issues to DJI’s attention.
“We want to engage with the research community and respond to their reasonable concerns with a common goal of cooperation and improvement,” Stockwell said. “We value input from researchers into our products who believe in our mission to enable customers to use DJI products that are stable, reliable and trustworthy.”