Chinese dev jailed and fined for posting DJI’s private keys on GitHub

A Chinese software developer who previously expressed suicidal thoughts has been jailed after putting one of drone company DJI’s AES private keys onto Github in plain text. That key, as we revealed at the time in January 2018, allowed world+dog to decrypt DJI’s encrypted flight control firmware, paving the way for the curious and the malicious alike to bypass geofencing and other performance restrictions on their DJI drones. Also disclosed in plain text was a wildcard SSL key for *.dji.com, giving anyone with the right skills the ability to spoof DJI’s website and decrypt encrypted comms between DJI drones and the company’s own servers in China.

Source: www.theregister.co.uk