DJI Doubles Bug Bounty Rewards

Identify high-risk and critical server vulnerabilities to earn double rewards for the rest of the year

By Ishveena Singh Ishveena Singh
November 24, 2020

DJI, the only drone manufacturer in the world to have initiated a Bug Bounty Program, is doubling down on IT security efforts with a special bug bounty incentive. For the rest of this year, security researchers can earn double the maximum payouts possible (up to $10,000) via the DJI Bug Bounty Program. 

The DJI Bug Bounty Program

DJI launched its Bug Bounty Program toward the end of 2017 as part of an expanded commitment to work with the research community to proactively discover, disclose, and remediate issues that could affect the security of DJI’s products, applications, and servers. The bounty, thus far, has paid out tens of thousands of dollars to over one hundred researchers.

DJI raised the bounties for server vulnerabilities after noticing that the rate of payouts for server bug vulnerabilities had fallen since 2018. We wanted security researchers to keep finding those bugs, and doubling the size of rewards is a way to focus attention on them. We hope this effort will result in more reports submitted, more server bugs found and remediated, and larger payouts for researchers.

Earning and keeping the trust of our users is a top priority and a close partnership with security researchers allows us to stay ahead of a new generation of hacking tools and at the forefront of consumer data privacy and protection. This is why we are offering higher bounty payouts to qualified DJI contributors who report critical or high-severity server vulnerabilities to us in accordance with the DJI Vulnerabilities Rating Guidelines.

Bug Bounty Server TableVulnerabilities Eligible for Double Rewards under DJI Bug Bounty Program

The bounty range for high-risk issues has been increased to up to $2,000 and reporting a critical server bug could help you earn up to $10,000. If you so consent, your unique contribution will also be recognized on the DJI Security Contributors Wall of Fame and/or in other media.

How to report a bug

The process of reporting a bug is pretty straightforward. You will need to create a testing account here to submit your findings in the given reporting template. While we may contact you to confirm the details of your discoveries, a detailed description of the bugs or vulnerabilities will help us to reproduce the issues and fix them exigently. Please remember we take every report seriously and diligently investigate each vulnerability to address it in a reasonable period of time.

Bug Bounty ProcessHow DJI Bug Bounty Process Works

An Ongoing Commitment To Cybersecurity and Data Privacy

The DJI Bug Bounty initiative supplements the other powerful measures that we routinely take to bolster data security, customer privacy, and airspace safety, including ensuring that all new products and app software undergo a stringent multistep internal review process.

DJI customers control their data. They alone determine whether to share any of their photos, videos or flight logs with anyone else. Neither DJI nor anyone else can access that data unless customers share it with us, and DJI’s Local Data Mode provides a further level of security by shutting all Internet data transmission from the drone. You can learn more about how to protect your drone data at this link

DJI’s data security has been independently examined and validated by a wide range of  independent reviews. Some are from US federal agencies such as the National Oceanic and Atmospheric Administration, Department of Interior, and Department of Homeland Security. Additional studies by cybersecurity firms Kivu Consulting, Booz Allen Hamilton, and FTI Consulting have found no evidence of any unexpected data transmission from DJI drones. For a greater view into our security protocols and audit reports, visit the DJI Security Response Center.

But remember, you can take advantage of our special bug bounty incentive only until Dec. 31, 2020. Grab full details of the DJI Bug Bounty Program Policy here and act quickly to reap double the rewards! 

 
Share on Social Media:

Tags: Drone Ecosystem

System Security White Paper Mobile CTA

To stay in touch and receive ebooks, resources, and product updates, subscribe to our newsletter.

Ishveena Singh
About the Author Ishveena Singh

Related articles

Recent Posts

Product Innovation

M300 V3 Firmware Update is Here

In the year and a half since we released the Matrice 300 RTK, we’ve seen it redefine what it means to be a rugged, reliable drone platform. Offering performance even in the most challenging of...
Read More

Product Innovation

This is What 300,000 Hours of Work on Data Security Looks Like

Whatever reason you use your drone — from surveying to search and rescue, to filmmaking or farming — keeping your data secure is important. You want the autonomy to control who does and, perhaps more...
Read More

Other

How to Unlock a GEO Zone on Your DJI Drone

As the largest manufacturer of personal and professional drones in the world, DJI has innovated several solutions that ensure drones are a safe addition to low-altitude airspace. Many of these...
Read More

Drone Ecosystem

AirData is Taking Its Drone Fleet Management Platform to the Next Level With the Integration of DJI Maintenance

Although they’re smarter and far easier to fly than they used to be, drones remain complicated machines. Things can and do occasionally go wrong. The challenge for drone program managers is to...
Read More