In the world of drones, safety and privacy are still two of the major topics that pilots, manufacturers, and governments have to deal with. Usually, we associate these topics with how well the drone’s safety systems work while flying, and the laws and regulations revolving them. However, these two topics also relate with something very present in our lives: the Internet and hackers.
A few months ago, the US Army claimed DJI drones have “cyber vulnerabilities” and banned its use for army operations.
“Cease all use, uninstall all DJI applications, remove all batteries/storage media from devices, and secure equipment for follow on direction,” as written in the US Army’s memo regarding this subject.
The US Army’s concern was about what’s communicated between the drones and DJI’s servers, and what could get into a hacker’s hands. It’s well-known that DJI is capable of making its drones comply with no-fly zones, so it’s clear there is some kind of active communication, but the company has said in the past that it doesn’t track devices, and can’t access unit audio or video feeds.
“DJI makes civilian drones for peaceful purposes,” a DJI spokesperson said, “We do not market our products for military customers, and if military members choose to buy and use our products as the best way to accomplish their tasks, we have no way of knowing who they are or what they do with them. The US Army has not explained why it suddenly banned the use of DJI drones and components, what ‘cyber vulnerabilities’ it is concerned about, or whether it has also excluded drones made by other manufacturers.”
In October 2016, the National Oceanic and Atmospheric Administration used Wireshark software to verify what was transferred between a DJI S-1000 drone and the company’s server. The result presented no threat for data leakage as “the majority of transactions to the DJI servers were to login to DJI servers hosted at both Amazon Web Services and Linode to check for software updates. These transactions are quite common for software of this type, and nothing unusual was detected during the experiment.”
To fight off these “accusations” and solve this issue, DJI has recently launched a new Local Data Mode. This new mode stops internet traffic to and from its DJI Pilot app, in order to provide enhanced data privacy assurances for sensitive government and enterprise customers.
“We are creating Local Data Mode to address the needs of our enterprise customers, including public and private organizations that are using DJI technology to perform sensitive operations around the world,” said Brendan Schulman, DJI’s Vice President of Policy and Legal Affairs. “DJI is committed to protecting the privacy of its customers’ photos, videos and flight logs. Local Data Mode will provide added assurances for customers with heightened data security needs.”
Although the Local Mode helps to secure your own privacy, the fact that it doesn’t connect to the Internet also introduces limitations. The DJI Pilot app will not be able to detect the location of the user, show the map and geofencing information such as No Fly Zones and temporary flight restrictions. In addition, it will not notify drone operators of firmware updates. Telemetry data on flight logs such as altitude, distance or speed will remain stored on the aircraft even if the user deactivates Local Data Mode. It also reminds users “that they are solely responsible for the safety of their flight operation and that they understand that features that may enhance and support the safety of their operations, but that rely on internet connectivity, are no longer available.”
We’ve talked about how DJI has showcased their commitment to the enterprise market as well as more creative uses of DJI products in the commercial space, all of which make this release that much more relevant to commercial users. Local Data Mode releases in the next update on the DJI Pilot app on CrystalSky and for select Android tablets. However, the Local Data Mode feature may not be available in locations where an internet connection is required or highly advisable due to local regulations.