A recent memo from sUAS news stated that the US Army would be terminating any and all connections with DJI products, more specifically drones. The cameras and software alike provide threats to the safety and integrity of the Army; they stated, “[this is] due to increased awareness of cyber vulnerabilities associated with DJI products.” The Army’s statement, while vague, could mean a variety of things, including changes, upgrades, and technical difficulties for a wide spectrum of people. Read below to find out more:
The Army Research Lab delivered an initial document, titled, “DJI UAS Technology Threat and User Vulnerabilities.” Though classified, and released in May 2017, this document likely outlines the security issues found in the software and hardware of DJI products, and potential solutions to these threats. The second document, also from May, is titled, “Operational Risks with Regards to DJI Family of Products.” Both of these documents, from the titles alone, sound incredibly serious. When dealing with a “client” the size of the US Army, potential breaches in any system are a huge problem. Though DJI was not instantly cut off, and the last few months were likely spent searching for new and improved systems to incorporate into DJI products, it makes sense that the ban is finally being placed, seeing as it may be easier to simply outsource to another company.
The US Army produced these documents. So what about the other branches? Are the Marines, Air Force, Navy, and Coast Guard following these restrictions as well? A sequence of events that decide that DJI products are not secure enough for the Army probably means that the other branches will follow suit.
A small drone with an even smaller camera is made to fly for only a few miles, with no weaponry. So what’s the big issue? Well, DJI drones are extremely accurate with their positioning. Using GPS and radio signals, the drones can relay information in an instant to smartphones and tablets, giving the users access to locations and altitude, among other data points. When one combines this with their high-quality imagery capabilities, hostile forces could potentially hijack drones and discover hideouts and bases that are otherwise unknown to the public. A captured drone flying over US bases could relay a lot of classified information, such as strategies, tactics, and architectural information, among other things.
Russian software such as SkyGrabber and Coptersafe have bypassed DJI restrictions and allowed for control of drones while airborne and the removal of flight restrictions. It is not out of the question to think that other freelance software companies have made software to intercept drones flying at higher and more remote altitudes, which again could be a big issue if those drones belong to the US forces. More specific information can be found here at FStoppers coverage of the issue.
“We are surprised and disappointed to read reports of the U.S. Army’s unprompted restriction on DJI drones as we were not consulted during their decision. We are happy to work directly with any organization, including the U.S. Army, that has concerns about our management of cyber issues.
We’ll be reaching out to the U.S. Army to confirm the memo and to understand what is specifically meant by ‘cyber vulnerabilities’. Until then, we ask everyone to refrain from undue speculation.”
DJI seems relatively unprompted about this matter. It seems evident that they want to keep a working relationship with the Army, and any consumers who may potentially back out of a deal now that their products have been said to have “cyber vulnerabilities.” While embarrassing, I believe that DJI of all companies is handling this very professionally, and although it is a curious issue to think that the industry-leader for drones is now being banned by the US forces, this potentially opens an opportunity for DJI to improve their encryption algorithms and design more secure drones and systems that are much more difficult to unlock; hence, hindering the possibility that a company such as Coptersafe make yet another software that allows users to put DJI drones in potentially harmful situations.
Last modified: August 8, 2017