← Back to context

Comment by thih9

1 day ago

> GoPros are used all over in aerospace. If we replaced the brand with Insta360, that puts a big attack vector all over the place.

What would the attack vector be? I’m not saying there isn’t any, I don’t know much about aerospace and this sounds interesting.

> What would the attack vector be?

The cameras. But quite how, I don’t know.

  • Any backdoored camera with wireless networking can take pictures remotely.

    • Cloud risks are very true - for both GoPro and DJI.

      About a year ago, I was looking for an action camera. I found a good DJI product, but then I learned that you have to link the camera to an app in order to use it. I am fundamentally opposed to that idea, so I looked up the equivalent GoPro camera. Turns out GoPro also requires you to activate the camera with a smartphone app.

      I don't want to send my data to a company for something as trivial as an action cam. I was surprised to find that the US model had such an evil requirement, mirroring the Chinese model.

      In the end, I bought the DJI action cam (cheaper, better) and activated it in a public location using a burner phone. You only need to use the app once to free the device and take it offline, after which you can delete the surveillance app. I have found no fingerprinting in the created media yet.

      GoPro would have made an easy sale with me, if they had been more privacy/power aware.

Cameras need to connect somewhere, somehow to offload their videos/photos. Whether that's network, USB, SD card, those are all attack vectors. Hell, even the files themselves can act as payloads.