There’s been a lot of talk about DJI and data security this past week. After a US Army memo was published stating that DJI drones were to be grounded amid concerns over ‘Cyber vulnerabilities’, regular pilots are probably wondering what all the fuss is about.
With some justification, the military has deemed that there are one too many risks associated with using DJI products for classified missions. After all, DJI hasn’t designed its products to meet the security requirements of government agencies, even though many continue to use them.
In an article published by The Verge, details were provided about a study that was done in October last year by the National Oceanic and Atmospheric Administration. The aim was to see how secure data is when using DJI products.
Using the DJI S-1000, researchers studied the drone to “better understand if any data collected by the aircraft would be transmitted to the Internet during flight or during the subsequent transfer of the data to computers for post-processing.”
The results from the NOAA’s tests were conclusive to an extent: the S-1000 presented no threat for data leakage. “The majority of transactions to the DJI servers were to login to DJI servers hosted at both Amazon Web Services and Linode to check for software updates. These transactions are quite common for software of this type, and nothing unusual was detected during the experiment,” the report states.
“There was no evidence whatsoever of any attempt by any software to transfer any data from the aircraft.”
Questions Remain Over Data Security Despite NOAA Report
However, Ed Dumas – a programmer at NOAA and one of the study’s authors – admitted that he ran similar tests on his own Phantom 3 professional and discovered that the unit was “sending encrypted data back to DJI and servers whose location he could not determine.”
It’s also come to light, via a more recent amendment to the article, that the NOAA study used a third-party remote and independent ground station. So the official DJI app and remote were not connected or tested.
Which leaves us with more questions than answers, especially considering none of DJI’s other products were tested.
DJI’s Adam Lisberg said in a statement that the company produces drones for civilian purposes, intimating that DJI’s customers shouldn’t be worried about the background processes of their devices. “They are built for personal and professional use, and are not designed for military uses or constructed to military specifications. We do not market our products for military customers, and if military members choose to buy and use our products as the best way to accomplish their tasks, we have no way of knowing who they are or what they do with them.”
“The US Army has not explained why it suddenly banned the use of DJI drones and components, what “cyber vulnerabilities” it is concerned about, or whether it has also excluded drones made by other manufacturers.”
“Around the globe, businesses and governments rely on DJI to provide an aerial perspective on their work to save time, save money and sometimes even save lives. Even in highly sensitive applications involving critical infrastructure, customers use DJI products with confidence that they can accomplish their tasks.”
Israel Sticks With DJI
Interestingly, the Israeli army has announced that it won’t be making a similar decision to its US counterparts. The IDF will continue to use DJI’s consumer drones in the field, including Mavic Pros and Matrice models in the West Bank as part of an initiative to give fighters better capabilities against the enemy.