PARIS, Sept. 17, 2020 – Parrot, the leading European drone group, is pleased to announce the results of an independent data-privacy and security audit of its FreeFlight 6 mobile application for the ANAFI series of drones. The extensive audit was conducted by Bishop Fox, one of the most recognized private offensive-security professional services companies, in order to scrutinize and objectivize potential security vulnerabilities and privacy issues in the FreeFlight 6 app.
Bishop Fox’s deep assessment of the FreeFlight 6 mobile application for iOS and Android, as well as FreeFlight 6’s API web services, showed that the app delivers on Parrot’s promise of exceptional data security, protection and transparency. No user data is shared by the app unless the user explicitly chooses to share the information. The Bishop Fox team performed automated vulnerability scanning, source code review, and manual penetration testing in order to assess FreeFlight 6’s data-privacy protections and vulnerability to real-world exploits and attacks.
“The Bishop Fox team did not discover any functions in the source code to transmit flight data to Parrot-controlled storage outside of user-approved drone flight logs. Additionally, the team did not observe any transmission of drone- or application-captured media (photos, videos, audio clips) other than user-initiated sharing to social media.”
The Bishop Fox security and privacy audit for the Parrot FreeFlight 6 app confirmed the following key findings:
Victor Vuillard, Chief Security Officer and Chief Technology Officer of Cybersecurity at Parrot applauds these results:
Parrot teams are fully committed to providing products designed to meet the highest level of security and personal data protection requirements. Bishop Fox’s assessment proves the high level of security and privacy that Parrot reached for all of its users’ benefits. We are proud to offer the most secure UAVs.
As part of Bishop Fox’s comprehensive assessment, two medium-risk vulnerabilities and three low-risk vulnerabilities were identified in the FreeFlight 6 mobile app. The Bishop Fox team found that none of the vulnerabilities would impact user privacy or security.
Parrot’s upcoming software update will further strengthen two minor issues identified related to configuration encryption. Following an internal review and based on user feedback, Parrot accepts the risk associated with the remaining medium- and low-risk vulnerabilities related to authorization token expirations, root and jailbreak detection and certificate pinning, as the benefits to both user experience and transparency, far outweigh the low-risks.
For a detailed letter of summary by Bishop Fox regarding the independent audit of Parrot FreeFlight 6, please visit: