Army tells troops to stop using DJI drones immediately, because cyber
"Halt use of all DJI products," Army Aviation commands
The US military has a lot of drones—and an unending demand from troops in the field for more. As a result, the Army has for some time allowed units to purchase hundreds of off-the-shelf drones made by DJI, the Chinese consumer drone maker. The Army Aviation Directorate has provided "airworthiness releases" for DJI drones over 300 times for a variety of missions, according to a memorandum issued by the directorate's deputy chief of staff.
Because the cyber
Brad Jones
But now all of those drones are getting pulled from service, as the result of classified findings in a May study by the Army Research Lab at Aberdeen Proving Grounds in Maryland, as well as a Navy memorandum citing "operational risks" in using DJI drones. The memorandum ordering the ban was obtained by Small UAS News.
The reason may be related to information gathering by DJI's products that could include geographic location of flights, audio, and video.
DJI has faced privacy complaints in the past. Last year, the company issued a statement asserting that DJI only stored drone data via DJI's GO app when it was submitted by the customer. "DJI cannot, and we believe should not, access your live feed, the video files on your drone’s memory cards, or the video files on your phone or tablet connected to the flight controller," a DJI spokesman said in the April 2016 statement. "Since we cannot access it, we cannot provide it to anyone else—even with a court order or another valid legal demand."
However, DJI has also included software in many of its drones that use geolocation to determine whether the drone is in a No Fly Zone. And the company's privacy statement notes:
We may preserve and disclose your information if required to do so by law or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a court order, judicial or other government subpoena, warrant or request, or to otherwise cooperate with law enforcement or other governmental agencies.
DJI stores data it collects on servers in the United States and China.
Intentional collection by DJI is likely not the issue found by Army Research Labs, however. The problem may be related to others gaining access to telemetry data in the field, including adversaries. The Islamic State has used DJI drones heavily in Iraq and Syria, even rigging them to drop grenades on their enemies. Since the drones are so ubiquitous and the control protocols are well known, ARL may have found that an adversary could hijack a control session through a bug in DJI's protocol, or obtain telemetry, audio and video covertly.
In any case, Army Air Directorate's deputy chief of staff Lt. General Joseph Anderson issued a memo on August 2 ordering units to "cease all use, uninstall all DJI applications, remove all batteries/storage media from devices, and secure equipment for follow-on direction."
"We are surprised and disappointed to read reports of the U.S. Army’s unprompted restriction on DJI drones as we were not consulted during their decision," said Michael Oldenburg, DJI's senior communication manager for North America in an e-mail to Ars. "We are happy to work directly with any organization, including the U.S. Army, that has concerns about our management of cyber issues.We’ll be reaching out to the U.S. Army to confirm the memo and to understand what is specifically meant by ‘cyber vulnerabilities’. Until then, we ask everyone to refrain from undue speculation."
-------------------------------
Original article https://arstechnica.com/gadgets/2017/08/army-tells-troops-to-stop-using-dji-drones-immediately-because-cyber/#p3 by SEAN GALLAGHER, Ars Technica https://arstechnica.com/
There may be links in the Original Article that have not been reproduced here.
Tags
Who is online
85 visitors
I dunno... but maybe using Chinese drones that have both GPS and an Internet connection isn't really the smartest thing the Army could do...
LOL WTF would you buy your weapons or any military stuff from an enemy ?
I stopped buying e cigarette juice from China for the same reason, you have no idea WTF they are doing with it.
Well, chances are the e-juice was probably high in lead. That seems to be a common thread about products coming from China these days.
Now as for intelligent electronic devices, I would never buy one from China if I could help it. I would never trust that anything coming from there didn't have a backdoor for the Chinese manufactured into the device straight from the factory. With the integrated circuits built the way they are these days, it would be frighteningly difficult to determine one or two small areas of a large IC chip aren't allowing other's access to your machine. We know from past experience, that the government of China has infected many computers and smart devices.
I seem to remember that the US government was forbidden from using Chinese smart products for this very reason.
It's kinda worse than that. The drones DO send data back to DJI. Theoretically, it's just flight parameters to help improve the "self-driving" aspect of the machines: obstacle avoidance and so on.
But hey! Do I really want a Chinese company to have data from a US Army-operated drone? Yeeesh!!
Whatever happened to buying American?...
I don't know if there are any American competitors for DJI.
And I'm not sure that the Army tries very hard to "buy American". I was reading the other day about a call to tender for assault rifles, with the most probable suppliers being German and Belgian.