DJI Issues Response against Reports of Its Drone App Cybersecurity Flaw

Recently, DJI, leading global civilian drone maker based in Shenzhen, China, has been swamped with reports that an app used to power their drones is prone to cybersecurity flaw.

In two reports, the researchers contended that an app on Google’s Android operating system that powers drones made by China-based Da Jiang Innovations, or DJI, collects large amounts of personal information that could be exploited by the Beijing government. Hundreds of thousands of customers across the world use the app to pilot their rotor-powered, camera-mounted aircraft. – Read full story.

The twin reports, courtesy of cybersecurity firms Synacktiv and GRIMM, found that DJI’s Go 4 Android app not only asks for extensive permissions and collects personal data (IMSI, IMEI, the serial number of the SIM card), it makes use of anti-debug and encryption techniques to thwart security analysis.
“This mechanism is very similar to command and control servers encountered with malware,” Synacktiv said. – Continue to read full story.

This week, DJI issued its response against these reports of its drone app having cybersecurity flaw to allay fears regarding its drones.

This week, China-based DJI, the drone industry’s leading manufacturer of drones, issued a public statement regarding the recent reports released by cybersecurity researchers (neither Synacktiv nor GRIMM) about the security of its drones’ control app. – Read full story.

Here is a brief excerpt from DJI Statement on Recent Reports from Security Researchers.

DJI takes the security of its apps and the privacy of customer data seriously. While these researchers discovered two hypothetical vulnerabilities in one of our recreational apps, nothing in their work is relevant to, or contradicts, the reports from the U.S. Department of Homeland Security, Booz Allen Hamilton and others that have found no evidence of unexpected data transmission connections from DJI’s apps designed for government and professional customers.

These researchers found typical software concerns, with no evidence they have ever been exploited.

Meanwhile, despite these claims, DJI drones continue to catch interest among aficionados with some of them pitting the DJI Mavic Air 2 and Mavic 2 Pro against each other. More on this later.


About droneologist