New Report Gives DJI’s Data Security Passing Marks

Jonathan April 23, 2018
0 Comments

Share This

DJI, the market leader in consumer drones, has had a rough few months regarding their security and they have finally responded. While it hasn’t slowed their march to market dominance, it has raised questions among DoD leadership who, last year released a memo ordering the Army to cease use of all DJI aircraft and systems due to ‘cyber vulnerabilities.’ DJI hopes that this new report by independent third-party auditors will lay to rest these concerns and allow them to further develop their presence in the commercial/enterprise sectors of the U.S. market.


Why the Need for An Audit?

The growing suspicion against Chinese manufacturers is nothing new, with companies like ZTE and Huawei also finding themselves unwelcome in U.S. markets due to their connections with the Chinese government. Like other Chinese manufacturers, DJI was faced with accusations that it routinely shared user data (such as flight records and imagery) with the Chinese authorities.  Coupled with the widely publicized issue regarding DJI’s handling of their SSL and firmware keys, it’s clear that they really needed to begin rebuilding confidence in their ability to safely handle (potentially sensitive) data.   So, DJI hired a third party, Kivu Consulting, to be the first ever outsider to review DJI’s proprietary systems to include their drones, hardware controllers, Go4 Mobile App and storage servers.

THE RESULTS ARE IN…

So, does this new report give DJI a clean bill of health?  Sort of.  A summary provided by Douglas Brush, Kivu’s Director of Cyber Security Investigations, doesn’t exactly answer all of the questions but the broad strokes do seem to paint a favorable view DJI’s process.  They pointed out that all flight data originating in the U.S. is stored on AWS and Alibaba Cloud Servers in the U.S. Region (so no data leaves U.S. soil) and all of the Cloud Servers used (both AWS and Alibaba) are now properly secured.   They further noted that all data transmission can be terminated by deactivating settings within the DJI Go4 app or simply disabling the internet connection.

Still, the brief nature of the summary leaves some questions unanswered.  While the report does manage to address some of the more egregious security concerns (unsecured S3 buckets; seriously??) it does fail to address accusations that DJI willingly shares data with the Chinese Government.  Willing dissemination of data is obviously quite different than a security breach and would likely not have been covered in this audit.


Even with this report, it remains unseen if the U.S. Army and other U.S. officials will soften their stance on the use of DJI aircraft.  Ultimately, someone will have to blink because it appears that no one can supplant DJI as the global market leader in commercial unmanned aircraft.

Connect With Us!

Facebook Twitter Linkedin Youtube Instagram
Categories: Consumer, DJI, Drones, Unmanned Aerial Vehicles
Tags: , , ,
Jonathan
Jonathan has been flying and fixing drones all over the world since 2008. He has a deep love for drones, phones, and pretty much anything that requires a Li-Ion battery. Jonathan also serves as an FAA Safety Team (FAAST) Drone Pro, advocating for drone safety and responsible airspace integration.

Related Articles

Responses

Your email address will not be published. Required fields are marked *

Report

Contains a photo/video that violates my copyright.
This account is pretending to be me.
Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
This content or account is SPAM.
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .

This website uses cookies to ensure you get the best experience on our website. By continuing to browse on this website, you accept the use of cookies as described in our Privacy Policy.

I UNDERSTAND

let's Fly together

Subscribe to Our Newsletter

Facebook Twitter Instagram Youtube