    A government study found DJI drone, banned by US Army, kept data safe

    DJI Mavic Pro.
    Photo by Thomas Ricker / The Verge

    Late last week, news broke that the US Army had issued a memo asking units to discontinue the use of DJI drones while the military investigated potential cyber vulnerabilities. There wasn’t much detail on what the exact concerns were or where they stemmed from, but it turns out that another federal agency recently looked into the issue.

    The National Oceanic and Atmospheric Administration, which collects a lot of data on weather, did a study in October 2016 with the DJI S-1000 drone to “better understand if any data collected by the aircraft would be transmitted to the Internet during flight or during the subsequent transfer of the data to computers for post-processing.”

    The study used Wireshark software on a Windows computer to “capture all packets moving to and from the computer on any port and provide diagnostic information for those packets. Care was taken to set up the computer to minimize extraneous network traffic prior to initiating the test.” The drone was being controlled with a third-party remote and independent ground station.

    NOAA’s tests found that the S-1000 presented no threat for data leakage. “The majority of transactions to the DJI servers were to login to DJI servers hosted at both Amazon Web Services and Linode to check for software updates. These transactions are quite common for software of this type, and nothing unusual was detected during the experiment,” the report states.

    “There was no evidence whatsoever of any attempt by any software to transfer any data from the aircraft.”

    Despite NOAA’s finding, there are lots of variables that could keep the US Army from using DJI drones: the military might be using different units that treat data differently, or they could be concerned about the ability of third parties to hack the drone while it’s in flight, potentially taking over control from the pilot or siphoning off data that is being transmitted wirelessly back to the operator.

    Ed Dumas, a computer programmer at NOAA and one of the authors of the study, confirmed to The Verge that their tests on the S-1000 found it wasn’t sending any unusual traffic back to DJI. He did say, however, that he ran similar tests on his personal unit, a Phantom 3 Professional, during his spare time. His software found that the unit was sending encrypted data back to DJI and to servers whose location he could not determine.

    DJI, for its part, emphasized that it has never marketed its drones for use on the battlefield. “DJI makes civilian drones for peaceful purposes. They are built for personal and professional use, and are not designed for military uses or constructed to military specifications. We do not market our products for military customers, and if military members choose to buy and use our products as the best way to accomplish their tasks, we have no way of knowing who they are or what they do with them. The US Army has not explained why it suddenly banned the use of DJI drones and components, what “cyber vulnerabilities” it is concerned about, or whether it has also excluded drones made by other manufacturers.” 

    Update August 7th, 3:10PM ET: This article originally stated that NOAA’s study relied on DJI’s native remote and iOS app. In fact, the test used a third-party remote and independent ground station. The story has been updated to reflect these facts.
