Wherein they completely renege on paying out the $30000 as previously promised.
Leaving the researcher with a pile of security research that is ostensibly worth at least $30000 to somebody, no contractual obligations to anybody, and a possible "unclean hands" defense to any action DJI may subsequently bring against him.
If I were employed by any intelligence TLA or drone/UAV manufacturer, I'd already be at their door with a warm smile and a briefcase full of cash.
Meh. The only entity this is worth USD 30k to is DJI, really. The issues found were an exposure of personal information on their servers, not a backdoor into the drone firmware or anything exciting like that, it seems. So no TLA employees with briefcases of money ;( I guess criminals looking for identity theft targets might have found it useful, too?
If you have access into their AWS, it's possible that you could either download the source yourself to find a backdoor (it was unclear if he had that access) or if none exists, upload one yourself.