As reported by the Register, security researcher Kevin Finisterre discovered the Chinese firm had left the private keys of the DJI HTTPS domain on GitHub, exposed for all to see for roughly four years. To make matters worse, DJI had also made AWS credentials and firmware AES keys available for anyone to search for through the GitHub repository.[…]Earlier this year the US Army issued a blanket ban on the use of DJI products by its personnel. It gave no reason for doing so, other than unspecified “cyber vulnerabilities,” and was rapidly followed in doing so by the Australian military. Several British police forces also use DJI drones for operations, in place of helicopters.[…]
https://www.theregister.co.uk/2017/11/16/dji_private_keys_left_github/