DJI drones pass critical data security metric set by US, Canada

dji drone data security us government

DJI says its drone hardware has been validated in a vital security benchmark established jointly by the US Department of Commerce and the Canadian Centre for Cyber Security. Achieving this globally recognized security standard is important for the Chinese drone maker, which has faced recurrent negative publicity on accusations that its drones share user data back with state organizations in China.

DJI Core Crypto Engine – a firmware hybrid cryptographic module that provides foundational security services for the entire platform, including cryptography, key management, platform identity, secure boot, and secure Life Cycle State (LCS) –  has passed the Cryptographic Module Validation Program (CMVP) to receive Federal Information Processing Standard (FIPS) 140-2.

As DJI points out, FIPS 140-2 compliance has been widely adopted around the world in both governmental and non-governmental sectors as a practical security benchmark and realistic best practice. The standard ensures that the hardware validated meets specific security requirements.

DroneDJ reached out to DJI to find out if the Core Crypto Engine module is being leveraged in all aircraft manufactured by the company or specific enterprise products only. We were told that all DJI drone models excluding the Mini 2 and the Phantom series are equipped with Core Crypto Engine.

Meanwhile, the company’s senior director of corporate strategy, Christina Zhang, is echoing the message the drone maker has often tried to convey to its critics: “We’re not a data company, we just make drones.” Here’s Zhang:

When it comes to data, DJI has very strong principles around transparent usage, security, and privacy.  We truly believe that “customer data is none of our business” and understand how important data security is for the people, businesses, and government agencies that rely on our platforms. This encryption validation is a testament to how tirelessly we strive to make customer data and privacy more secure by tightening existing systems, innovating new ones, and embracing new methods and technologies.

DJI further states that from this point on, all drones containing the DJI Core Crypto Engine will ensure compliance with the trusted, authoritative, and globally recognized security standard of FIPS 140-2, whether flown for leisure or operated for business. “This is particularly key for enterprise or government customers requiring this specification and additional peace of mind,” DJI says.

Read: All about DJI’s new Mavic 3M multispectral imaging drone

Subscribe to DroneDJ on YouTube for exclusive videos

Load more...
Show More Comments