Leaked US government memo claims your DJI Drone spying for China

0 9

China’s Da Jiang Innovations (DJI), the world’s-largest maker of consumer and business drones security troubles continue to grow, as a newly leaked U.S. Immigration and Customs Enforcement (ICE) memo claims the company may be spying on behalf of the Chinese government.

The pdf, written in August by the Los Angeles office of the Immigration and Customs Enforcement bureau (ICE), was leaked last week. In it, the memo claims DJI may well be leveraging its drones to provide critical infrastructure and law enforcement data to the Chinese government and selectively targeting governments and privately-owned entities within these sectors to expand its ability to collect and exploit sensitive data.

The memo also claims DJI sells group one category unmanned aerial systems (UAS) intended for consumer and professional use. The drones operate on two Android Smartphone applications called DJI GO and Sky Pixels that automatically tag GPS imagery and locations, register facial recognition data even when the system is off, and access users’ phone data.

Additionally, the applications capture user identification, e-mail addresses, full names, phone numbers, images, videos, and computer credentials. Much of the information collected includes proprietary and sensitive critical infrastructure data, such as detailed imagery of power control panels, security measures for critical infrastructure sites, or materials used in bridge construction. According to the source of information (SOI), DJI automatically uploads this information into cloud storage systems located in Taiwan, China, and Hong Kong.

As users download DJI applications, they are prompted to acknowledge DJI’s terms and conditions, which grant DJI permission to own and exploit user data. The agreement reads, “Please note that if you conduct your flight in certain countries, your flight data might be monitored and provided to the government authorities according to local regulatory laws.”

The UAS capture close-up imagery and GPS information on water systems, rail systems, hazardous material storage systems, first responders’ activity, and construction of highways, bridges, and rails so there may be possibility for leak of images even to terrorist organizations, hostile non-state entities, or state-sponsored groups by china as per ICE.

DJI’s response

DJI strongly push backs by calling an “insane” memo issued by the federal government claiming the company is essentially spying for the Chinese government.

China-based company wrote that “The allegations in the bulletin are as profoundly wrong as a factual matter that ICE should consider withdrawing it, or at least correcting its unsupportable assertions and the claims that DJI systems can register facial recognition data even while powered off, & the DJI products have substantial price differentials between the U.S. and China can be easily disproven with a basic knowledge of technology and the drone industry, or even a simple internet search.”

They furthur added that the Other allegations in the report are similarly unsupported by facts or technical analysis and DJI does not access it’s customers’ flight logs, photos or videos unless customers actively upload and share them with them.Further, DJI’s said their new Local Data Mode stops all internet traffic to and from the DJI Pilot flight control app to provide enhanced data privacy assurance for customers flying sensitive missions.

DJI also argued that ICE should think about whether the source of the allegations may have been a competitor with “motive to interfere with DJI’s legitimate business by making false allegations about DJI.”



Jahnavi M

Vulnerability analyst, Technical Writer, Security Blogger, Co-founder—SecKurity

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: