New cybersecurity risk audit gives clean chit to DJI Mavic 3, Mini 2, Air 2S drones

dji drone faa remote id date cybersecurity privacy audit

So, here’s some good news for DJI drone users who regularly find themselves getting perplexed by reports of a purported “Chinese drone spy threat.” A new independent audit of DJI Mavic 3, Mini 2, and Air 2S drones, as well as the DJI Fly app for iOS and Android, has found that the products fulfill key cybersecurity and privacy protection requirements established by both the US and Europe.

This development is important because while there have been several independent audits in the past that have reviewed and cleared the cybersecurity protocols for DJI drones used in sensitive government and business operations, no such audit has focused solely on drones designed for fun and entertainment.

As part of the audit process, German testing and certification firm TÜV SÜD purchased consumer-centric DJI Mavic 3, Mini 2, and Air 2S drones independently through open commercial channels and downloaded the DJI Fly app for both iOS and Android.

The auditors then tested the aircraft in accordance with the cybersecurity standards established by the US National Institute of Standards and Technology (NIST) and European Telecommunications Standards Institute (ETSI), as well as the industry-recognized Open Web Application Security Project (OWASP) Mobile Application Security, and the Penetration Testing Execution Standard (PTES).

This is what TÜV SÜD, which has been keeping tabs on technology-related risks for more than 150 years now, concluded in its report:

DJI drones have comprehensive security features based on standards of practice, and the sensitive information in the communication process of App DJI Fly v1.5.10 (iOS & Android), as well as the cloud flight data synchronization process of DJI drones, are both encrypted and transmitted through SSL, which can avoid most common security risks. The cybersecurity capabilities and privacy protection aspects of DJI drones meet the requirements of NIST IR 8259 and ETSI EN 303645 standards covered by this test.

DJI, of course, has taken the opportunity to reiterate that it has strong protections in place for customer data in its drones and apps for the consumer market. Just last week, the tech giant shared that its drones had been validated in a vital security benchmark established jointly by the US Department of Commerce and the Canadian Centre for Cyber Security.

Here’s Christina Zhang, senior director of corporate strategy at DJI, talking about the new TÜV SÜD audit:

DJI builds strong data protections into all our products, and our enterprise customers know their professional drones and apps are built from the ground up to protect their photos, videos, and flight logs. With this new TÜV SÜD audit, DJI can offer the same assurance to people around the world who use our consumer products as well. From a small drone in a backyard to a large drone in a life-or-death public safety operation, a broad array of independent experts have shown that DJI products give their users full control over their data.

It’s worth noting that the German audit firm performed a separate independent assessment of select enterprise products too, including the DJI Matrice 300 drone, DJI Pilot flight control app, and DJI Assistant 2 computer app. That review also confirmed that the products have comprehensive security features in place to protect sensitive information.

The summary of these reports can be found here and here.

Also see: 18 fabulous drone photos from weekly selections of DJI and SkyPixel’s annual contest

Subscribe to DroneDJ on YouTube for exclusive videos

Load more...
Show More Comments