US Army calls for ban on DJI equipment over security concerns

FLOATIN · Aug 8, 2017

I do not understand what communication loop in the process is being snooped from the PC.

jofus · Aug 8, 2017

Army identified an unacceptable, unmitigated risk associated with a vulnerability + threat. They're shutting down all use until that risk can be mitigated. That's textbook Infosec.

anotherlab · Aug 9, 2017

FLOATIN said:
I do not understand what communication loop in the process is being snooped from the PC.

The network traffic. You can use an app like Wireshark to monitor Wi-Fi traffic.

FLOATIN · Aug 9, 2017

I did not know it could be used for wifi packets, thanks.

SeabeeEO3 · Aug 9, 2017

I wonder if the US Army actually dumped DJI over the firmware issues.

jofus · Aug 9, 2017

FLOATIN said:
I did not know it could be used for wifi packets, thanks.

Yep! All traffic is sent and received via logical ports on a network interface card, whether wired or wireless.

andyca57 · Aug 9, 2017

GaryMortimer said:
This is going to be a big story, both the US Army and Navy have expressed concerns,

US Army calls for units to discontinue use of DJI equipment. - sUAS News - The Business of Drones

More reading on DJI and USARMY drone issues

By Popular Science

Consumer drones are causing problems for the military

By DRONELIFE

Why the US Army DJI Ban is Probably Justified

By Air & Space Magazine

It’s Been a Bad Week for Chinese Drone Maker DJI | Daily Planet | Air & Space Magazine

anotherlab · Aug 9, 2017

SeabeeEO3 said:
I wonder if the US Army actually dumped DJI over the firmware issues.

They didn't "dump" DJI, they halted the use of DJI products. The memo cited “increased awareness of cyber vulnerabilities associated with DJI products.” This opens the door to allowed usage once the security vulnerabilities are addressed.

SeabeeEO3 · Aug 11, 2017

Putting the PRC in the US Military's supply chain was a stroke of sheer GENIUS. Brilliant! Absolutely Brilliant!

jofus · Aug 11, 2017

SeabeeEO3 said:
Putting the PRC in the US Military's supply chain was a stroke of sheer GENIUS. Brilliant! Absolutely Brilliant!

Tell me about it. My job is pretty much putting out fires all around the Army's supply chain.

andy_k · Aug 11, 2017

My guess is that until DJI remove Tinker from the Go app from the the military won't touch it - nor should they!

FLOATIN · Aug 18, 2017

US Army walks back DJI decision (slightly) 8/14

"An exception to policy with recommendations from the asymmetric warfare group that will permit the use of DJI kit once some conditions have been met.
The Android Tactical Assault Kit will become the ground control station (GCS) of choice when a DJI plugin has passed OPSEC (Operational Security) scrutiny."

US Army walks back DJI decision (slightly) - sUAS News - The Business of Drones

MikeK · Sep 1, 2017

N017RW said:
Foreign threats are not the result of paranoid thinking. I applaud the DOD for addressing the obvious.

[...]

I agree.

As a certified computer dummy I would think the DoD has geeks on board who have good cause to recommend this action. Even if it is a bit of a stretch there is no good reason not to exercise this caution. Better safe than sorry.

Which prompts the question of why some of our own, 100% American, tech companies aren't competing with DJI, Yuneec, et. al.

anotherlab · Sep 1, 2017

MikeK said:
I agree.

As a certified computer dummy I would think the DoD has geeks on board who have good cause to recommend this action. Even if it is a bit of a stretch there is no good reason not to exercise this caution. Better safe than sorry.

Which prompts the question of why some of our own, 100% American, tech companies aren't competing with DJI, Yuneec, et. al.

For the same reason there are no 100% American made cell phones. We can't compete on the costs. Forbes did a detailed story of what happened to 3DR, the biggest US competitor that DJI faced.

Drestin Black · Sep 1, 2017

Two most obvious reasons:

A) data about flights is sent to DJI servers
B) ability to remote disable Geo equipped devices.

I'll wager B is the biggest source of grief now that Geo is mandatory and its effects felt. Imagine being out on the field, doing your job when suddenly, "cannot take off"
DJI can create fake/erroneous NFZs anywhere and at anytime that cannot be defeated essentially grounding the drone fleet. This wasn't an issue while it could be overridden.

N017RW · Sep 1, 2017

Reason B is all the more reason to me too.

What happened to 'MIL-STD' or 'MIL-SPEC'?

These (Phantoms) are toys after all.

Drestin Black · Sep 1, 2017

Geo must be made user overridable. Notification only. I'd accept a few hard coded NFZs, example: White House, Pentagon, Nuke Plants, etc, but everything else should be like other aircraft, notification only. Pilot should always be in full control of his aircraft.

N017RW · Sep 1, 2017

If it's [any] 'user overridable' then it's nonsense.

Hardcoded is interesting. While not an expert, Is any code really 'hard'?

it's just a toy so what's DJI's incentive to 'harden' this product tier?

I get the advantages of the DoD using mass-produced, off-the-shelf, products where prudent.

Now, I am curious about how much our DoD purchases from China?

Drestin Black · Sep 1, 2017

N017RW said:
If it's [any] 'user overridable' then it's nonsense.

Ask yourself why such a system isn't installed in big aircraft?

Likewise, consider: on some planes the onboard computer can tell if the plane is heading nose down and towards the ground and going to impact the ground. It will sound alarms, flash warnings, "Pull Up! pull Up!" And yet, you can override the alarm as the plane plunges into the ground. The computer won't take over control of the plane and "pull up" and save all aboard, the plane and any potential disaster below. It will dutifully notify, unless told to shut up, about impending doom - but never, ever, ever take away control from the actual pilot even to the point of certain destruction.

All because, over decades and decades of use pilots have never ever decided to give up this type of control to a autonomous process.

Also, airplanes have fps aboard and apps and systems that will warn them: You are in a NFZ or within a TFR and you are NOT under any circumstances legal,y permitted to take off. And the pilot can just ignore it and take off and fly any direction he wants.

-----

So, Geo should work like the big boys. Warn the pilot. In clear terms say, I detect you are in such and such zone(s) and here is the rule.
Checkbox Here then click Ok if you accept responsibility and wish to continue, otherwise click Cancel.

That's how it should work. The action is logged, the flight records are logged. And he pilot remains the responsible party for their actions and DJI is indemnified.

N017RW · Sep 1, 2017

I can't address each of your points so long as one equates the responsibility and risks (all the trappings included) of operating while being on-board an aircraft with that of flying a remote controlled aircraft.

There's a magnitude of difference.