DJI launches bug bounty program for its software and drones

DJI wants security researchers to turn their attention to its software and drones and will pay for discovered bugs or exploits. Called The DJI Threat Identification Reward Program, the program aims to create a formal line of communication between the drone maker and researchers and hackers. The company will pay between $100 and $30,000 for qualifying bugs, “depending on the potential impact of the threat.”

This program comes after a high-profile ban by the U.S. Army grounded the company’s drones after unspecified “cyber vulnerabilities” were discovered. Immediately following that ban, DJI added an offline mode that prevents any data from being sent to or received from the internet. But clearly there’s a need for a deeper inspection of the company’s wares.

DJI says this program was created to identify threats to users’ private data, videos, and logs. But it doesn’t stop there. DJI is also looking at issues that could result in flight safety concerns, such as DJI’s geofencing restrictions, flight altitude limits and power warnings.

“We want to engage with the research community and respond to their reasonable concerns with a common goal of cooperation and improvement,” DJI Director of Technical Standards Walter Stockwell said in a released statement. “We value input from researchers into our products who believe in our mission to enable customers to use DJI products that are stable, reliable and trustworthy.”

Discovered bugs can be emailed to bugbounty@dji.com.

Drones need to be safe if they’re becoming a mass-market hit that reaches deep into the consumer and commercial world. This is a long-overdue step that will hopefully result in drones that are harder to hit with malicious attacks.