Drone firm DJI promises 'local data mode' to fend off US government's mooted ban
Protectionist public policy prompts fresh focus on infosec fears
Chinese drone maker DJI has commissioned yet another security audit with FTI Consulting that's given it a clean bill of health, as the US government reportedly prepares to ban its remote controlled aircraft from American skies.
DJI, whose headquarters are in the Chinese city of Shenzhen (the firm’s full name is Shenzhen Da-Jiang Innovations Technology Company), has reacted to claims that US regulators intend to shut it out of their market by announcing that a new “local data mode” will be implemented.
In a statement DJI said its local data mode “eliminates internet connectivity and prevents the transmission of all drone data over the internet,” promising to add this to its DJI GO4 and DJI Fly flight control apps “within the coming months”.
“This expansion brings Local Data Mode to operators of all recent DJI drones, allowing commercial and government customers, including public safety agencies and other federal, state and local government users, to confidently choose the best DJI drone for each mission,” boasted the firm, which, perhaps justifiably, claims to have a dominant position in the global small drone market.
If this sounds familiar, you’re right: two years ago DJI was fending off claims that its software beamed data gathered by its drones back to China, where the Chinese government could pore through it at will. The issue was so hot that the US Army banned DJI’s drones from use by military personnel at the time.
A code audit carried out by FTI Consulting was said to have revealed no causes for concern, with DJI posting the exec summary (but not the full audit) on its website as a PDF. FTI had access to 20 million lines of source code, according to the summary, with analysis focusing on code concerned with “communication protocols and network activity with host infrastructure”. Some “low risk vulnerabilities” were found, with the consultants concluding these “posed minimal risks to consumers”. Some controllers for the drones were using “outdated versions” of Android.
Returning to the present day, Flight Global reported in August that the US Department of Defence had approved five American small drone manufacturers’ products for use by the US military, including craft from existing DJI arch-rival Parrot.
“The US Congress is considering banning the US federal government from using foreign-made drones as part of its 2021 National Defense Authorization Act,” reported Flight. A junior US defence minister, Ellen Lord, in charge of procurement, added to the aerospace magazine: “We looked at the fact that basically DJI from China had decimated our industrial base for small UAVs, quadcopters and so forth, through pricing that was sub-cost and so forth.”
DJI has consistently denied that it engages in predatory pricing, much in the same way as Huawei has consistently denied that its technology poses a security threat to the West. While you may or may not believe the vendors, the issue boils down to one of politics rather than pure fact.
Last year a Chinese developer who accidentally leaked one of DJI’s private SSL keys on GitHub was jailed for six months. Possession of the key would have allowed any knowledgeable person to spoof DJI’s website and read off whatever encrypted data was being sent back to it.