PT-2024-2641 · Dji · Dji Matrice 300 +6

Name of the Vulnerable Software and Affected Versions: DJI Mavic 3 Pro versions prior to v01.01.0300 DJI Mavic 3 versions prior to v01.00.1200 DJI Mavic 3 Classic versions prior to v01.00.0500 DJI Mavic 3 Enterprise versions prior to v07.01.10.03 DJI Matrice 300 versions prior to v57.00.01.00 DJI...

Drones and the US Air Force

Fascinating analysis of the use of drones on a modern battlefield--that is, Ukraine--and the inability of the US Air Force to react to this change. The F-35A certainly remains an important platform for high-intensity conventional warfare. But the Air Force is planning to buy 1,763 of the aircraft...

Dronetag Drone Scanner Security Vulnerability

Dronetag Drone Scanner is an application for scanning the surroundings for data broadcast by drones e.g. identification and localization. It collects data and presents it to the user on a map. A security vulnerability exists in Dronetag Drone Scanner version 1.5.2. An attacker exploited the...

Robots Are Fighting Robots in Russia's War in Ukraine

Aerial drones have changed the war in Ukraine. Now, both Russia’s and Ukraine’s militaries are deploying more unmanned ground robots—and the two are colliding...

hellenicdrones.gr Improper Access Control vulnerability OBB-3833356

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Fedora 39 : unrealircd (2023-cfe04c6093)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-cfe04c6093 advisory. UnrealIRCd 6.1.3 The main focus of this release is adding countermeasures against large scale spam/drones. Upstream does this by offering a central API which...

CVE-2023-47625

CVE-2023-47625 affects PX4 Autopilot. A global buffer overflow exists in CrsfParser_TryParseCrsfPacket (CrsfParser.cpp:298) due to an invalid size check, enabling a remote RC packet to overflow the _rcs_buf and cause the drone to behave unexpectedly. Impact: potential instability or denial of ser...

This Is the Ops Manual for the Most Tech-Savvy Animal Liberation Group in the US

For the first time, guerrilla animal rights group Direct Action Everywhere reveals a guide to its investigative tactics and toolkit, from spy cams to night vision and drones...

CVE-2023-46256

PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of parserbufindex value checking. A malfunction of the sensor device can cause a heap buffer overflow...

CVE-2023-46256 PX4-Autopilot Heap Buffer Overflow Bug

PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of parserbufindex value checking. A malfunction of the sensor device can cause a heap buffer overflow...

CVE-2023-46256 PX4-Autopilot Heap Buffer Overflow Bug

PX4-Autopilot provides PX4 flight control solution for drones. In versions 1.14.0-rc1 and prior, PX4-Autopilot has a heap buffer overflow vulnerability in the parser function due to the absence of parserbufindex value checking. A malfunction of the sensor device can cause a heap buffer overflow...

The Future of Drone Warfare

Ukraine is using $400 drones to destroy tanks: Facing an enemy with superior numbers of troops and armor, the Ukrainian defenders are holding on with the help of tiny drones flown by operators like Firsov that, for a few hundred dollars, can deliver an explosive charge capable of destroying a...

The Dangerous Mystery of Hamas’ Missing ‘Suicide Drones’

Hamas has long touted its military drones, but little is known about the true scale of the threat. The answer may have consequences for people on both sides of the Israel-Gaza border...

Axon's Ethics Board Resigned Over Taser-Armed Drones. Then the Company Bought a Military Drone Maker

The CEO’s vision for Taser-equipped drones includes a fictitious scenario in which the technology averts a shooting at a day care center...

Alert: New Electromagnetic Attacks on Drones Could Let Attackers Take Control

Drones that don't have any known security weaknesses could be the target of electromagnetic fault injection EMFI attacks, potentially enabling a threat actor to achieve arbitrary code execution and compromise their functionality and safety. The research comes from IOActive, which found that it is...

Alert: New Electromagnetic Attacks on Drones Could Let Attackers Take Control

Drones that don't have any known security weaknesses could be the target of electromagnetic fault injection EMFI attacks, potentially enabling a threat actor to achieve arbitrary code execution and compromise their functionality and safety. The research comes from IOActive, which found that it is...

Serious DJI Drones Flaws Could Crash Drones Mid-flight

By Habiba Rashid During their assessment, the researchers discovered a total of 16 vulnerabilities with a broad range of impacts, from denial of service to arbitrary code execution. This is a post from HackRead.com Read the original post: Serious DJI Drones Flaws Could Crash Drones Mid-flight...

Friday Squid Blogging: We’re Almost at Flying Squid Drones

Researchers are prototyping multi-segment shapeshifter drones, which are "the precursors to flying squid-bots." As usual, you can also use this squid post to talk about the security stories in the news that I havent covered. Read my blog posting guidelines here...

Small Drones Are Giving Ukraine an Unprecedented Edge

From surveillance to search-and-rescue, consumer drones are having an unprecedented impact on Ukraine’s defense against Russia...

Information disclosure

DJI drone devices sold in 2017 through 2022 broadcast unencrypted information about the drone operator's physical location via the AeroScope protocol...