US Army Calls Halt On Use of Chinese-Made Drones By DJI

Due to "an increased awareness of cyber vulnerabilities with DJI products," the U.S. Army is asking all units to discontinue the use of DJI drones. The news comes from an internal memo obtained by the editor of SUAS News. It notes that the Army had issued over 300 separate releases authorizing the use of DJI products for Army missions, meaning a lot of hardware may have been in active use prior to the memo, which is dated August 2nd, 2017. The Verge reports: SUAS News published a piece back in May of this year that made a number of serious accusations about data gathered by DJI drones. Author Kevin Pomaski starts out writing, "Using a simple Google search the data mined by DJI from your provided flights (imagery, position and flight logs) and your audio can be accessed without your knowing consent." However, he never follows up with evidence to demonstrate how this data becomes public or can be found through a Google search. Pomaski also point out, correctly, that when DJI users elect to upload data to their SkyPixel accounts through the DJI app, this data can be stored on servers in the U.S., Hong Kong, and China. This data can include videos, photos, and audio recorded by your phone's microphone, and telemetry data detailing the height, distance, and position of your recent flights. DJI provided the following statement to The Verge: "People, businesses and governments around the world rely on DJI's products and technology for a variety of uses including sensitive and mission critical operations. The Department of the Army memo even reports that they have 'issued over 300 separate Airworthiness Releases for DJI products in support of multiple organizations with a variety of mission sets.' We are surprised and disappointed to read reports of the U.S. Army's unprompted restriction on DJI drones as we were not consulted during their decision. We are happy to work directly with any organization, including the U.S. Army, that has concerns about our management of cyber issues. We'll be reaching out to the U.S. Army to confirm the memo and to understand what is specifically meant by 'cyber vulnerabilities.' Until then, we ask everyone to refrain from undue speculation."

Re:

[Tablizer]

DJI are simply profit-hungry assholes that depend on open-source to give them clues. They have ripped off and stolen everything they have ever done. This is the Chinese way.

American companies invent their own evil.

Just don't plug it in to the Internet

[ColdWetDog]

The drones can't download anything to anywhere without you actually and in fact connecting the control software (DJI Go) to the Internet. While it likes to do that as a default (as does everything this side of your toaster) it's easy to block. There are a lot of people flying DJI stuff that purposely DON'T allow the software to update in order to keep DJI from screwing things up. They have a very checkered history when it comes to 'updates' (Oops, you crashed).

Just don't understand what the paranoia is.

Re:Just don't plug it in to the Internet

[EndlessNameless]

Just don't understand what the paranoia is. Surely, somebody in the Defense Department's Cyber vetted the software. Yes?

That's where you run into problems with companies that release dodgy software.

Let's say you vet v1.1 to ensure it has no operational bugs that will affect your mission profile. You also verify that the software is not compromised in any appreciable way.

Eventually, there will be a vulnerability in v1.1, and you will have to upgrade to v1.2---ideally before any new missions are scheduled.

But wait, there's a critical bug in v1.2 so you cannot upgrade. You either accept the risk of operating with the v1.1 vulnerability, you postpone the mission, or you find another way to accomplish the objective.

If a manufacturer routinely releases poor-quality updates or takes too long to fix vulnerabilities, then it is absolutely reasonable to blacklist them.

And in this particular case, where the code is supplied by a company from an adversarial nation, maybe it is reasonable to exclude their products from consideration entirely.

Re:

[dAzED1]

did you say /maybe/ it is reasonable to exclude potential security products from adversarial nations? Every DITSCAP, DIACAP, or DIARMF process I've ever driven has *required* that. Anything actually assigned a mission assurance category - even MACIII - can't just be regular-ol' COTS. It has to be COTS that is then assessed, and part of that is if any sensitive information is ever involved, the COTS product likely can't stay COTS anymore (because none of them do labeling by default) and suddenly you now c

Re:

[rtb61]

Why the hell would you bother screwing with software, that can easily be checked. You always hack the little stuff. So preferred logical target, capacitors. You have high efficiency expensive small capacitors and low efficiency cheap large capacitors (same load). So you make small capacitor, fix a chip to it's surface in the current path and add a larger package over it. So in the chip in current path where transmissions can be received, has only one purpose, wait for the encrypted signal to be received and

Re:

[dAzED1]

where did I say anything about software? And wow but was that a whole pile of words you just gave us...

Re:

[ColdWetDog]

A lot of it is open source [github.com] software anyway. I think the majority of the Phantom firmware has been hacked and is now on Github.

Re:

[PolygamousRanchKid]

Well, at least the US military is not using routers made in China . . .

. . . oh . . . wait . . .

for some reason...

[Lead Butthead]

the Second Cylon War comes to mind.

Re:

[drinkypoo]

The drones can't download anything to anywhere without you actually and in fact connecting the control software (DJI Go) to the Internet. While it likes to do that as a default (as does everything this side of your toaster) it's easy to block. There are a lot of people flying DJI stuff that purposely DON'T allow the software to update in order to keep DJI from screwing things up. They have a very checkered history when it comes to 'updates' (Oops, you crashed).

But don't they also have all kinds of 'features' that might require you to connect to the internet before you can even fly because their software is so lousy?

Idle speculation

[NoNonAlphaCharsHere]

We'll be reaching out to the U.S. Army to confirm the memo and to understand what is specifically meant by 'cyber vulnerabilities.' Until then, we ask everyone to refrain from undue speculation."

I'm going to go ahead and speculate that if they don't know what 'cyber vulnerabilities' means, then they shouldn't be making drones.

What Kind of Certification Program does Army Have?

[mykepredko]

I guess the DJI drones are cheap, easy to use and reliable, but I would have thought somebody who gives out the certifications to buy the units would have enough tech savvy to ask questions whether or not data from the drone was stored and where was it stored.

Anything with a camera that has internet access and could store data on the "Cloud" used by military personnel should be an immediate concern and should be investigated before allowing it to be purchased. I doubt it could affect operations in real time, but it could provide images of the faces of allied forces as well as a record of tactics used.

Somebody in the Army needs to understand where the certification process doesn't work and fix it.

wut?

[WolfgangVL]

The US Army is buying DJI hardware? This really blows my mind. How come the Airforce has not created the manpack combat quadcopter yet? If they have, why haven't they shared it with the Army?? What is the Army core of engineers doing while in garrison? Why on earth would any highly funded combat focused organization use consumer level quadcopter shit? I bet there are lower enlisted in barracks building their own racing quads right under their noses.

Nobody anywhere up the chain of command thought, "Gee, sh

Re:

[Max_W]

It is not that easy to build a quad-copter which can match the DJI. Even if the US Army builds its own quad-copter it would be build still from components made in China, from the aluminum produced in Russia, plastic made from Iranian oil, etc.

DJI copters are incredibly reliable. I own DJI F450, DJI Phantom 3, Phantom 4 Pro+, and Spark. They all still fly well, and my US EBlade quad is somewhere in a forest, where it dropped from the sky.

The problem is that in the USA there is no base. The FAA produces

Maybe they should take some of those billions

[future assassin]

that is spent on the war machine and use a few millions to create a company to build US made drones that can be sold to military and civilians.

Re:

[TheGratefulNet]

agreed; the ability to make them here, entirely from scratch silicon EXISTS. its BEYOND STUPID to send money to china for drones for the military! unbelievably stupid.

not only would it be good for our economy, but given the sensitive nature of military gear, NO parts from unfriendly nations (ie, almost all of them, at this point; lets be honest) should be put into such gear.

and since the military is not cost sensitive (like a consumer would be) there's zero reason to not make them here. they'll cost more

Is this how it starts...

[Trax3001BBS]

North Korea shoots off new USA hitting Missle

The USA test anti-missile weapon July 30 http://www.cnn.com/2017/07/30/... [cnn.com]

China test out anti-satellite weapon Aug 2 http://freebeacon.com/national... [freebeacon.com]

Now this...

Re:

[DivineKnight]

Makes you wonder what we have in space...

The military should not use Chinese anything.

[sabbede]

Given that conflict between the US and China is hardly impossible, it is absolutely ridiculous for the military to use anything made in China. Why not just hand over our nuclear codes to them?

Stupid, stupid, stupid.