Last month, Ukraine Vice Prime Minister Mykhailo Fedorov accused DJI of helping Russia to kill Ukrainian civilians in an unusual way — by allowing Russia to freely use a drone-tracking system called DJI AeroScope to target the exact location of Ukrainian drone pilots and, allegedly, kill them with mortar strikes and missiles.
So we wrote an in-depth explainer on what DJI AeroScope actually is, how it works, what it was designed for, and what, if anything, DJI could actually do to prevent people from getting killed using its tech. But a hacker pointed out that DJI wasn’t being truthful with us on at least one point — and the company is now admitting it. The AeroScope signals broadcast by every modern DJI drone aren’t actually encrypted, DJI now says.
This means: governments and others with technical ability may not need an AeroScope to see the exact position of every DJI drone and the exact location of every pilot nearby.
To be clear, both DJI spokesperson Adam Lisberg and drone forensics expert David Kovar told us that these signals were encrypted. And when hacker Kevin Finisterre suggested to us that was wrong, we checked with DJI again. It was only after Finisterre repeatedly debunked the claim that DJI admitted to The Verge, almost a month later, that it wasn’t actually true.
DJI’s Lisberg says it’s his fault but also tells us that his R&D contacts in China repeatedly told him it was encrypted and that it took senior managers to step in and admit it wasn’t true.
It’s not entirely surprising that AeroScope signals are unencrypted, by the way: DJI originally envisioned Drone ID (now known as AeroScope) as a technology other drone companies would use, too. And governments like the United States are already planning to mandate that your drone broadcasts your physical location by 2023 — it won’t be optional, and it’s not clear to me if those signals will be encrypted either. As DJI’s former VP of Policy and Legal Affairs Brendan Schulman points out to me on Twitter, they almost certainly won’t.
We pressed Lisberg on some of the other claims he made in the piece since we want to ensure other information is correct. There aren’t currently any other corrections, but he did admit that, yes, DJI could prematurely revoke an AeroScope certificate to disable it, though that would only affect stationary units that are connected to its own AWS servers — and that it could also theoretically see the GPS positions of those AeroScope receivers that way (though likely not the ones used by Russian military or the portable ones which do not connect to AWS at all).
Lisberg also says, “I have been once again told that Sentinel and Supervisor do not exist,” referring to an ominous-sounding program that Finisterre found during a DJI data breach in 2017. Finisterre has suggested that the program is evidence that, at least in China, DJI is mining data on its users, but DJI has denied that, telling The Verge it was simply a proposal on how DJI could theoretically do some targeted advertising but that it never actually happened.
Finisterre has also pointed out that DJI did have a way to remotely turn off the AeroScope signals that its drones broadcast until it disabled that in later updates. It appears there may still be a way to send commands to the drone to mask a pilot’s coordinates, though.
Yesterday, DJI announced it’s halting all shipments of products and all after-sales support for both Russia and Ukraine.
Update, 7:17PM ET: Added drone lawyer (and former DJI VP) Brendan Schulman’s tweet suggesting that the US’s formally mandated remote ID broadcasts will also be unencrypted.