US Army calls for ban on DJI equipment over security concerns

One of the problems is that at least with the Phantom 3, the AC's firmware is derived from OpenWRT. OpenWRT is an open source firmware that is used as the base code for many consumer routers. There's nothing wrong with that, it's a stable code base and well known. One of the problems is that DJI embedded an account and password into the firmware and it was just a matter of time before someone went through the firmware and found it. The US Army has password standards and a fixed password would be in violation of their standards. I don't know if their password standards are applied to off the shelf hardware, but if they are, that alone could account for the ban.

That's a problem that's addressable by DJI. The same mechanism that DJI uses now to pair an RC to an AC could be used to generate a strong password that would only be known to the AC, RC, and the DJI Go app (and apps licensed to use DJI's libraries). There is no need to store a password in the firmware.

The default SSID password for the Wi-Fi connected DJI drones should also be unique. Just end "12341234" as the out of the box password. The user can change it, but how many of us have actually done so?
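
As an added illustration of the suggestion in the post above (not part of the original post and not DJI's code): a random secret created at pairing time can be expanded into separate per-device credentials, so nothing fixed has to live in the firmware image. It assumes the pairing step delivers the same secret to aircraft, controller and app; the function names and the serial value are hypothetical.

```python
import hashlib
import hmac
import secrets

# No look-alike characters (0/O, 1/l/I), so the passphrase can be read off a label.
ALPHABET = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def new_pairing_secret() -> bytes:
    """256-bit secret created at pairing time; it never ships in the firmware image."""
    return secrets.token_bytes(32)


def derive(pairing_secret: bytes, purpose: str, serial: str, length: int = 32) -> bytes:
    """HKDF-SHA256 (RFC 5869): one independent key per purpose from one secret."""
    # Extract step, with the device serial as salt.
    prk = hmac.new(serial.encode(), pairing_secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:  # Expand step
        block = hmac.new(prk, block + purpose.encode() + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def wifi_passphrase(pairing_secret: bytes, serial: str, chars: int = 16) -> str:
    """Per-device WPA2 passphrase to replace a shared default."""
    limit = 256 - 256 % len(ALPHABET)  # rejection sampling avoids modulo bias
    out, round_no = [], 0
    while len(out) < chars:
        for b in derive(pairing_secret, f"wifi-psk/{round_no}", serial):
            if b < limit:
                out.append(ALPHABET[b % len(ALPHABET)])
        round_no += 1
    return "".join(out[:chars])


def service_password(pairing_secret: bytes, serial: str) -> str:
    """Login credential for on-board services, different from the Wi-Fi key."""
    return derive(pairing_secret, "service-login", serial).hex()


if __name__ == "__main__":
    secret = new_pairing_secret()          # exchanged once during pairing (assumed)
    serial = "EXAMPLE-SERIAL-0001"         # constructed sample value
    print("Wi-Fi passphrase:", wifi_passphrase(secret, serial))
    print("Service password:", service_password(secret, serial))
```

Because both sides derive the credentials from the shared pairing secret, re-pairing rotates every credential at once and two aircraft never end up with the same password.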

I am assuming that all the flight logs stored on my mobile phone would be immediately sent up by DJI GO or Litchi to their servers?
 
Yes ..... but

If you choose to upload flight data at a later time to DJI, that's another matter.

If Litchi can upload to phone, they can download my logs, and probably without asking permission, right? I believe DJI GO also has this ability..
 
The military has a long standing ban on anything running any version of Linux. That is interesting as both Microsoft Windows 10 and Apple iMac OS are both custom versions of Linux so I suppose they have slowly begun to wrap their minds around this by now. I was a server administrator running a Linux based SOC camera system in a high consequence containment laboratory and I had to keep the system completely off the building network and had to run risk assessments and a bunch of other nonsense required by the tiny minds running the DoD systems. We also had a large amount of molecular biology and imaging systems, plus things like flow cytometers all of which only run on iMac's so these had to also be kept off the networks as Apple products were forbidden in DoD facilities. We could only use sneaker net to move files to air gapped laptops which we used to analyze the data and then put the processed data into our products (reports and/or scientific publications). I retired 10 years ago so hopefully things have changed but I last worked as a contractor a few years ago and it was still the same problem. It really makes life difficult.

The other large problem is that chips manufactured in China (nearly all now) have embedded in them spyware just as do the Intel Chips made in the USA. There is no way to get around it any more. This is the larger problem.

There is a hacked version of DJI software BUT it is from Russia. I doubt that DoD will be interested in that.

The other problem is that DJI implemented a lot of the things that seem to be problems for the military in order to meet demands from US agencies such as the FAA and their equals in Europe and China. So, the likely solution will be custom drones built on contract specifically for the military and at maybe 100 times the cost or worse.
 
The military has a long standing ban on anything running any version of Linux. That is interesting as both Microsoft Windows 10 and Apple iMac OS are both custom versions of Linux so I suppose they have slowly begun to wrap their minds around this by now. I was a server administrator running a Linux based SOC camera system in a high consequence containment laboratory and I had to keep the system completely off the building network and had to run risk assessments and a bunch of other nonsense required by the tiny minds running the DoD systems. We also had a large amount of molecular biology and imaging systems, plus things like flow cytometers all of which only run on iMac's so these had to also be kept off the networks as Apple products were forbidden in DoD facilities. We could only use sneaker net to move files to air gapped laptops which we used to analyze the data and then put the processed data into our products (reports and/or scientific publications). I retired 10 years ago so hopefully things have changed but I last worked as a contractor a few years ago and it was still the same problem. It really makes life difficult.

The other large problem is that chips manufactured in China (nearly all now) have embedded in them spyware just as do the Intel Chips made in the USA. There is no way to get around it any more. This is the larger problem.

There is a hacked version of DJI software BUT it is from Russia. I doubt that DoD will be interested in that.

The other problem is that DJI implemented a lot of the things that seem to be problems for the military in order to meet demands from US agencies such as the FAA and their equals in Europe and China. So, the likely solution will be custom drones built on contract specifically for the military and at maybe 100 times the cost or worse.

There are US-manufactured drones in use by the military, such as the Lockheed Indago, but the price makes them unattractive for a lot of the simpler and high-volume tasks.
 
The army should ban 'cell phones' if they are really worried about being hacked. There are troops in Afghanistan posting selfies, and let's not forget ALL Apple phones are made in China :) Plus we also have the 'commander in chief' in the USA who won't get off his phone and twitter. Seriously, worry about the Russians lol
 
The military has a long standing ban on anything running any version of Linux. That is interesting as both Microsoft Windows 10 and Apple iMac OS are both custom versions of Linux so I suppose they have slowly begun to wrap their minds around this by now. I was a server administrator running a Linux based SOC camera system in a high consequence containment laboratory and I had to keep the system completely off the building network and had to run risk assessments and a bunch of other nonsense required by the tiny minds running the DoD systems. We also had a large amount of molecular biology and imaging systems, plus things like flow cytometers all of which only run on iMac's so these had to also be kept off the networks as Apple products were forbidden in DoD facilities. We could only use sneaker net to move files to air gapped laptops which we used to analyze the data and then put the processed data into our products (reports and/or scientific publications). I retired 10 years ago so hopefully things have changed but I last worked as a contractor a few years ago and it was still the same problem. It really makes life difficult.

The other large problem is that chips manufactured in China (nearly all now) have embedded in them spyware just as do the Intel Chips made in the USA. There is no way to get around it any more. This is the larger problem.

There is a hacked version of DJI software BUT it is from Russia. I doubt that DoD will be interested in that.

The other problem is that DJI implemented a lot of the things that seem to be problems for the military in order to meet demands from US agencies such as the FAA and their equals in Europe and China. So, the likely solution will be custom drones built on contract specifically for the military and at maybe 100 times the cost or worse.
Windows 10 and Mac OS are not based on Linux. You can run Linux from Windows 10, but the core was never derived from Linux (or Unix for that matter) and actually predates it. Mac OS X was based on BSD Unix and Mach and could be considered a hybrid. But not Linux. Similar, but not the same. Also, the US Army is the single largest user of Red Hat Linux, do you have a source for that ban? The military drones use Linux.

The OS is as secure as you make it. The "tiny minds of DoD" came out with a secure version of Linux called SELinux and gave back what they did to the Linux open source community. You can access that project from its GitHub site.
 
So would you like to see what your friendly DJI GO4 app is doing on your cell phone or tablet? Take a look at these screen images:

DJI Phantom fail 57.JPG DJI Phantom fail 58.JPG DJI Phantom fail 59.JPG
 
DJI caused this when they prevented stand alone operation and required a login to your account hosted on a server controlled by the Chinese Government. There is no technical reason for this, firmware updates could be downloaded to SD card and done off-line and GO app updates by connecting to Apple Store then shutting down external links. Also, in China there is no right to privacy and all Chinese firms will do whatever the Government tells them to do. Personally, I don't care if anyone looks at my flight logs or video cache, but then I'm not flying over sensitive military installations either. DJI could easily address security concerns by dropping the requirement to login to perform an update or fly.
 
Fair enough, but we're not the US Military.

I don't know what all the paranoia of a Chinese made drone spying is all about, almost all the cell phones are made in China, all the people who can and want to know what you are doing is way easier just to tap in to your phone or computer. We are in the information age and privacy is just an illusion. I'm just one in 5 billion and I don't really care anymore because there is nothing I can do about it and I don't plan to go hide in a cave. Keep it on the up and up and you should have nothing to worry about.
 
DJI caused this when they prevented stand alone operation and required a login to your account hosted on a server controlled by the Chinese Government. There is no technical reason for this, firmware updates could be downloaded to SD card and done off-line and GO app updates by connecting to Apple Store then shutting down external links. Also, in China there is no right to privacy and all Chinese firms will do whatever the Government tells them to do. Personally, I don't care if anyone looks at my flight logs or video cache, but then I'm not flying over sensitive military installations either. DJI could easily address security concerns by dropping the requirement to login to perform an update or fly.
There is no technical reason to require the initial login. This is just my opinion, but I think it's just DJI wanting to have some way of tracing who may have used their product. If some nut job goes out and buys a P4 and deliberately crashes it into a crowd, DJI would have some information to hand over to law enforcement authorities. While the Chinese government could take DJI's servers, you have no proof right now that any drone information collected by DJI is going directly to the Chinese government.

Has anyone seen that video information is actually going back to DJI? I could see telemetry information going over the wire, but not video.
 
Drones are considered flying toys, and most of the toys you buy today are made in China. So that's why they can sell it in the US. About the privacy issue, there is really nothing important what the Chinese are getting from the drones.
If you say there's nothing important it must be OK
 
You can't blame them now that dji is controlling where you can fly.
Who knows what other info they are collecting

Keep in mind folks DJI is a company controlled by a communist country. The Chinese government regularly tells its companies and citizens what they can and cannot do on a totalitarian level. I think DJI is going to have to re-think what they can get away with in the United States, from the viewpoint that American citizens are fiercely independent and repulse any effort to control them, and the US government is paranoid about subversion. There are lots of up and coming US based drone manufacturers that are, or soon will be, able to produce drones with all the capabilities that DJI has - with none of the onerous restrictions and compliance procedures DJI is implementing (Login before you fly - GIMME A BREAK!!!). DJI needs to contemplate what the phrase; "America, land of the free" means to their future US sales. I for one will never, ever download another DJI firmware update nor be connected to the internet when I fly. My next drone will NOT be made in China.
 
Words are important, the US DOD does not act as the result of paranoia.
Hostile foreign threats are serious and real.
 
I am assuming that all the flight logs stored on my mobile phone would be immediately sent up by DJI GO or Litchi to their servers?
No they are not.
You have to choose to upload to DJI if you want to.
If you ever have an incident/crash etc and want DJI to investigate, DJI can't proceed until you do.
 
So would you like to see what your friendly DJI GO4 app is doing on your cell phone or tablet? Take a look at these screen images:
Reading that list I just see a list of things that the app normally does or can do.
I don't see anything sinister there.
DJI caused this when they prevented stand alone operation
This is a misconception. Standalone operation is not prevented at all.
Keep in mind folks DJI is a company controlled by a communist country. The Chinese government regularly tells its companies and citizens what they can and cannot do on a totalitarian level.
Keep in mind that this thread is bringing out a bunch of uninformed xenophobia mixed with misconceptions about what DJI actually does rather than paranoid interpretations and fantasies.
There are lots of up and coming US based drone manufacturers that are, or soon will be, able to produce drones with all the capabilities that DJI has
Please point out some of these upcoming drone companies. They haven't been getting much publicity.
I'm sure there would be a lot of interest in viable alternatives.
with none of the onerous restrictions and compliance procedures DJI is implementing (Login before you fly - GIMME A BREAK!!!).
GIMME A BREAK - there's some of the misunderstanding coming to the surface.
You don't have to login before you fly.
DJI needs to contemplate what the phrase; "America, land of the free" means to their future US sales. I for one will never, ever download another DJI firmware update nor be connected to the internet when I fly. My next drone will NOT be made in China.
Somehow I have a feeling you will be waiting a very long time to get your next drone.
 