WTF DJI, UAV CTF?! (camp2023)

We'll take a look at how DJI - dominating player for commercial and recreational drones - builds their software, specifically from a security angle. This talk will discuss DJI drones, most specifically the DJI Mini-series; looking at the hardware, discussing attack angles, up to a full compromise of a current drone for custom firmware purposes. Along the way, we'll look at a lot of security WTFs that allow to pwn these devices. The amount and quality of bugs sometimes feel like you're trapped in a very cool hardware CTF. We'll go from sniffing hardware busses, making fun of incorrect usage of SoC security features over to how DJI consistently and knowingly violates the GPL, into executing custom code on the flight controller and Linux system. about this event: https://pretalx.c3voc.de/camp2023/talk/PREGSS/