Cyber vulnerabilities.
This is the reason given in a U.S. Army memo that orders troops to end all use of DJI drones for operations.
This a huge announcement, and was quite surprising, given that DJI drones are currently the Army’s top choice for an off-the-shelf UAS solution.
The memo released August 2, came from Lt. Gen. Joseph H. Anderson who serves as the Army’s deputy chief of staff for plans and operations. It states, “cease all use, uninstall all DJI applications, remove all batteries/storage media from devices, and secure equipment for follow on direction.”
The memo cited “increased awareness of cyber vulnerabilities associated with DJI products.” No other additional information was provided.
Off-the-shelf solution, no more?
Just as consumers have flocked to DJI drones, so too, the Army. Though not a battlefield drone, DJI drones are used in support of a variety of Army operations. In fact, the Army’s Aviation Engineering Directorate has issued over 300 separate Airworthiness Releases for DJI products in support of various missions.
This memo amends the existing Pentagon guidance for the domestic use of unmanned systems that was finalized in Feb. 2015.
So, what does this memo mean for Army units currently using DJI products?
For many, it’s a minor inconvenience. For others, a huge headache, in terms of identifying, securing, inventorying, and storing the drones. After all, the memo covers “any system that employs DJI electrical components or software including, but not limited to, flight computers, cameras, radios, batteries, speed controllers, GPS units, handheld control stations, or devices with DJI software applications installed.”
The Army indicated that they’ve received this guidance memo and are reviewing it.
Impact on DJI
Clearly, the memo caught DJI unaware. The company said in a statement, “they were surprised and disappointed to read reports of the U.S. Army’s unprompted restriction on DJI drones.”
It also said the company was not consulted during the decision-making process. DJI plans to reach out to the U.S. Army to gain better understanding of the cyber security concerns.
Given the sensitive nature of Army operations, the memo is a step in the right direction as far as some cyber security experts are concerned.
Hackers exposed the vulnerabilities of the Phantom series – breaking in and manipulating the GPS software and disrupting “geofences” designed to keep the drone out of no-fly zones. Certainly, this raised alarm bells.
However, it was a request in May from DJI that appeared to really raise concerns. The request? Users need to register DJI products with the company. If not registered, the DJI product would suffer a decrease in speed and range…even the ability to stream video.
Industry insiders started to ask questions. If DJI corporation could manipulate that, what else could it do? Was the company sharing videos captured by these drones?
DJI denied any such activity. “When you fly a DJI drone,” DJI said in a statement in April 2016, “nobody but you can see the live video feed or the recorded video it generates – unless you decide otherwise.”
Uncertain future
DJI appears anxious to discuss and resolve any concerns the U.S. Army has about DJI products. Whether that conversation occurs, remains to be seen. And amid the lingering questions, one thing remains true: the Army's go-to, off-the-shelf solution seems no more.
In a world increasingly reliant on technology to function, cyber security has quickly become an important issue.
Which begs the question, how safe is your drone from a hacker attack?
Experts predict that the hijacking of drones may be one of the next big cyber threats; which raises the potential for worrying possibilities.
In its 2017 Threats Predictions Report, McAfee Labs listed drone hijackings as one of 14 cyber security issues for the coming year. The report noted that attacks against hardware – such as mobile devices and drones – would increase in 2017.
