Last Monday, we wrote about the Kivu report’s findings. Today we are taking a closer look as DJI has sent us a copy of the full report. Because of competitive reasons the Chinese drone maker has requested us not to post the entire report online or share any of the images. However, we are free to share segments of the text with you. The 27-page document is the result of Kivu Consulting’s forensic investigation of DJI’s UAV Data Transmission & Storage practices and contains information about Kivu’s methodology, analysis, findings, and explains up to a degree what information is collected and to which servers it is going. For their investigation, Kivu independently bought a DJI Spark, Mavic Pro, Phantom 4 Pro and Inspire 2 model drones as well as a Huawei Honor 5x smartphone with the Android operating system and an iPhone SE running iOS. We went through the entire report to see if any new information came to light and to see where your information might be going to.
Data Security Stories April 25
Data Security Stories April 23
Last year DJI dealt with a number of cybersecurity-related issues, including a hot-patch mechanism in their DJI Go 4 app, a researcher who found sensitive user data accessible on Amazon Web Services servers, the U.S. Army declaring to no longer use DJI drones, a claim from U.S. Immigration and Customs Enforcement (ICE) that DJI drones could perform facial recognition and U.S. officials who wondered whether DJI was sending sensitive information back to China. Today, DJI released the summarized findings of an independent report, but paid for by DJI, from Kivu Consulting, Inc. in a response to these allegations. Kivu concluded that “users have control over the types of data DJI drones collect, store, and transmit.”
Data Security Stories December 27, 2017
Over the Holidays, people started to report on social media and in forums that they had received certfied letters in the mail from DJI. The letter, titled “NOTICE OF DATA BREACH“, warns DJI’s customers that their personal information, such as full name, address, date of birth, photo, and identification number (e.g., passport number or driver’s license number) as well as scanned photo identification such as ID cards and passports, stored on a server in the U.S., may have been accessible to unauthorized users.
Data Security Stories November 30, 2017
The market for consumer and commercial drones has been growing at a very rapid pace. According to the latest FAA numbers, there are now 943,535 registrations of drones and drone owners in the U.S. market at least, two-thirds of which are made by DJI.
Is leading drone manufacturer, DJI sending sensitive information captured by these drones of U.S. infrastructure and government installations back to China? This is a question that is being asked by U.S. officials.