Tech giant DJI has provided a detailed response to legislation that seeks to ban its drones in the US. If passed, the “Countering CCP Drones Act” would prevent operators from buying the latest DJI drones — and may also potentially ground existing fleets, regardless of how operators use them — because it would prohibit DJI from operating on US communications infrastructure. The bill has already advanced to clear a Congress committee hearing.
The world’s leading drone maker DJI has clearly had enough of the recurring accusations about the data security of its craft, and the attendant blacklists drawn up by US political leaders offering no substantiation of their claims. In response, the company has issued a rare clarification about the steps it takes to secure user information on its craft.
US politicians responding to soured relationships and strong distrust of China have again tabled legislation seeking to prohibit use of technology produced by companies from the nation, with popular and widely deployed DJI drones clearly the primary focus of those efforts.
In spite of the rash of largely protectionist blacklisting initiatives in the US justified by nominal data piracy motives, a new survey commissioned by drone and onboard tech specialist Teledyne FLIR indicates information leak risks remain a middling UAV purchasing criterion for US enterprise and public administrations operators.
A cybersecurity news website says its research team has discovered a 54.5GB unprotected database of DJI drone logs. The leaky data contains over 80,000 unique drone IDs, aircraft model and serial numbers, the position of the drone’s pilot, and more.
It doesn’t appear the US turbulence that the world’s largest maker of drones has faced for the past year is ending just yet, following a news report alleging DJI received direct funding from China’s state organizations despite its holding structure as a private, independent firm.
As the backlash against it continues to grow, DJI insists it’s getting even more focused on data privacy. For the last five years, DJI has had a team of 30 devoted entirely to the privacy and data security features of its products. Collectively, this team has contributed more than 300,000 hours to bolster DJI’s apps, servers, chipsets, and firmware, the company says.
It’s been nearly a year since the Ring’s Always Home Cam was unveiled at Amazon’s hardware event, and the reasons to love or hate the household security drone have been unrestrainedly shouted ever since. Now consumers are finally getting the chance to adopt the aerial watchdog, and either adore or detest it in their very own abode, sweet abode.
Leading players in Europe’s drone sector have banded together to create the Drones4Sec “action tank,” whose objectives include coordinating the increased use of efficient uncrewed aerial systems and automated applications with maximal respect for data protection.
French drone manufacturer Parrot has partnered with digital security specialist WISeKey to reinforce protection of data collected and transmitted by Parrot craft. As part of that, the pair will also work toward a more ambitious goal of hardware and communication system protection of data that may serve as the basis for global security standards for unmanned aerial vehicles (UAV).
We’re all familiar with the threat posed by malware and viruses when it comes to our computers. But what about drones? Should we be offering protection for them as well? The concept certainly makes sense, and two companies have joined forces to work on a solution.
An executive order is being prepared by the Trump administration that would effectively ban all federal departments and agencies from buying or using foreign-made drones. They claim the drones pose a risk to national security, according to TechCrunch. Expand Expanding Close
DJI’s Brendan Schulman, vice president of policy and legal affairs, talks about drones, fighting the coronavirus with agricultural drones, the FAA’s NPRM on Remote ID, and data security with Julia Chatterley on CNN.
Today the U.S. Department of Interior issued an order that basically grounds their entire Chinese-made drone fleet except for in a few special situations such as fire fighting and search and rescue missions. Understandably, DJI is not at all pleased with this order and responds to the U.S. Department of Interior drone order issued the following statement.
After temporarily grounding its fleet of drones last year, the U.S. Interior Department grounded its drone fleet after issuing an order today to formally adopt a no-fly rule aimed at drones made in China or with Chinese parts. Exceptions will be made for those situations in which drones are needed to respond to natural disasters or other emergencies.
On Wednesday, the same day that DJI launched the DJI Mavic Mini, the US Department of the Interior announced that all DJI drones and other Chinese-made unmanned aircraft or UAVs that contain Chinese-made parts in its fleet are to be grounded as part of a review of the department’s drone program. This is the latest threat to DJI’s drone business in the United States.
Over the last few years, many government officials have worried about drones being used to spy on the US and sending sensitive data back to China. Well, maybe it is not so much the drones we need to worry about, but balloons. Check out this story about the Pentagon testing mass surveillance balloons across the US.
DJI drones banned by Cape, a drone software company that supplies US law enforcement agencies. It said that because of security concerns it will no longer work with DJI or other Chinese drone manufacturers. The tech company supplies dozens of public safety agencies as well as state and local law enforcement in the U.S and some other countries.
It seems that DJI is finally getting a break from concerns that various government agencies have expressed about the security of the data captured by DJI’s drones. After an independent 15-month testing program that included thousands of drone flights with models such as the DJI Mavic Pro and DJI Matrice 600 Pro, the Department of the Interior (DoI) has validated and approved the DJI Government Edition.
When the DoI started testing in April 2018, the newer Mavic 2 Pro, Zoom and Enterprise Edition had not yet hit the market, so were not included in the test. DJI told DroneDJ that testing has not yet started on the newer Mavic 2 drones, as the Mavic Pro and Matrice 600 tests have just been finished.
See DJI’s press statement below for all the details.
In a short interview on FOX Business Network’s After the Bell, DJI Director of Strategic Partnerships, Jan Gasparic said that “customers’ data is theirs and theirs alone”and “The fact is that your data sits on the drone itself, that’s fundamental.” There’s a link to the video of the interview below. Expand Expanding Close
In response to the DHS Alert from earlier this week, that caused quite some commotion after being picked up by major news outlets, DJI has posted their official response on the DJI Hub website. The drone maker says that their customers’ data is none of their business. They state that their goal is to provide a “reliable drone platform” and that their drones exceed or meet the DHS recommended mitigating measures. In DJI’s response, the company outlines five recommendations to keep your data safe.
Over the last few years, concerns about DJI’s data handling and security have flared up a number of times. With this week’s headlines, it seems that DJI gets sucked into the escalating trade war between the United States and China. Is the Chinese drone maker at risk of being viewed like another Huawei? A ban on buying DJI drones and products for US companies would be a significant blow to all the organizations and agencies that have come to rely on DJI’s drones to do good. Many rescue workers, police, and fire departments use DJI’s products to help save people’s lives. And, as unfortunate as it may be, there is currently hardly any alternative (except maybe the Parrot Anafi Thermal) for DJI’s capable AND affordable drones for many of these organizations.
If you, or your organization, are impacted by the data security concerns around DJI’s drones, we would like to hear from you either in the comments below or per email. Thank you!
For DJI’s official statement and their recommendations to keep your data safe while using DJI’s drones keep reading.
On Monday, the U. S. Department of Homeland Security expressed ‘strong concerns’ that Chinese-made drones, including DJI’s aircraft, could potentially be sending sensitive flight information to their China-based manufacturers, where it could be accessed by the Chinese government. The warnings from DHS follow the executive order from President Trump against Huawei and are the latest development in the escalating trade war between the United States and China.
Last Monday, we wrote about the Kivu report’s findings. Today we are taking a closer look as DJI has sent us a copy of the full report. Because of competitive reasons the Chinese drone maker has requested us not to post the entire report online or share any of the images. However, we are free to share segments of the text with you. The 27-page document is the result of Kivu Consulting’s forensic investigation of DJI’s UAV Data Transmission & Storage practices and contains information about Kivu’s methodology, analysis, findings, and explains up to a degree what information is collected and to which servers it is going. For their investigation, Kivu independently bought a DJI Spark, Mavic Pro, Phantom 4 Pro and Inspire 2 model drones as well as a Huawei Honor 5x smartphone with the Android operating system and an iPhone SE running iOS. We went through the entire report to see if any new information came to light and to see where your information might be going to.
Last year DJI dealt with a number of cybersecurity-related issues, including a hot-patch mechanism in their DJI Go 4 app, a researcher who found sensitive user data accessible on Amazon Web Services servers, the U.S. Army declaring to no longer use DJI drones, a claim from U.S. Immigration and Customs Enforcement (ICE) that DJI drones could perform facial recognition and U.S. officials who wondered whether DJI was sending sensitive information back to China. Today, DJI released the summarized findings of an independent report, but paid for by DJI, from Kivu Consulting, Inc. in a response to these allegations. Kivu concluded that “users have control over the types of data DJI drones collect, store, and transmit.”