Army Drops DJI Citing Cybersecurity Concerns

By Thomas L. Gemmell

According to a Department of Defense memorandum referenced by sUAS News, the U.S. Army and Navy have concluded that there are cybersecurity risks associated with using Unmanned Aircraft Systems (UAS), or “drones,” manufactured by Dajiang Innovation (DJI), the world’s most prolific developer and manufacturer of commercial and hobby drones. Citing research memoranda by the Army Research Laboratory, DJI UAS Technology Threat and User Vulnerabilities, dated 24 May 2017, and Navy, Operational Risks With Regards to DJI Family of Products, dated 24 May 2017, the Army directed the Service to discontinue all uses of DJI products, including “all DJI UAS and any system that employs DJI electrical components or software including, but not limited to, flight computers, cameras, radios, batteries, speed controllers, GSS units, handheld control stations, or devices with DJI software applications installed.” The ban is significant given that the Army had "issued over 300 separate Airworthiness Releases for DJI products in support of multiple organizations with a variety of mission sets.” Without going into detail, the Army noted that the order was “Due to increased awareness of cyber vulnerabilities associated with DJI products.”

Of particular note in this regard, in May sUAS News published an article, A Global Information Gathering Network for UAS – DJI data collection, in which the author noted DJI’s ability to mine data without the operator’s knowing consent: “Using a simple Google search the data mined by DJI from your provided flights (imagery, position and flight logs) and your audio can be accessed without your knowing consent.” The author also pointed out that when DJI users elect to upload data to their SkyPixel accounts through the DJI app, the data, including photos, videos, and audio, and telemetry data detailing the height, distance, and position of recent flights can be stored on servers in the U.S., Hong Kong and China. Thus the Army and Navy are clearly concerned about the unwitting disclosure to DJI – as well as global intelligence agencies – of sensitive and mission critical data as the result of their use of DJI systems and software. 

Where the U.S. military goes from here is uncertain. What is clear, however, is that with thousands of new drones taking to the sky each month, concerns over privacy and data security will only increase. The DJI revelation highlights that the concern is no longer limited to where to fly and what to surveil but reaches to the forfeiture of one’s privacy as the result of mere product registration. 

Click here to learn more about Polsinelli's Unmanned Aircraft Systems and Advanced Robotics practice, or contact Thomas L. Gemmell and Emanuel Anton.