Weeks after the US Army told personnel to immediately shelve all drones made by Chinese manufacturer DJI, citing unspecified “cyber vulnerabilities associated with DJI products,” the company has introduced a new “local data mode” for its apps.
This browser does not support the video element.
“We are creating local data mode to address the needs of our enterprise customers, including public and private organizations that are using DJI technology to perform sensitive operations around the world,” company VP for Policy and Legal Affairs Brendan Schulman said in a press release, per TechCrunch.
DJI’s apps use the internet to update maps, restricted flight zones and other relevant data, as well as have an optional feature to sync with the company’s database to store flight data. The new local mode disables all of those features. It’s clear even by the company’s own admission the timing with the Army announcement is not a coincidence, though TechCrunch reported DJI says the local mode was in development for several months and was not originally spurred by US brass.
“We’re not responding to the Army, which has never explained its concerns to us,” DJI communications director for North America Adam Lisberg told TechCrunch. “... We announced it today because enterprise customers with serious data security have made clear they need something like this for a while, and the Army memo reinforced that concern for them.”
The military has declined to reveal the security vulnerabilities, presumably for operational security reasons—small drones like those manufactured by DJI are already in limited deployment with the US military, and are widely used by some guerilla forces that oppose them like ISIS extremists. DJI also says the Army has not clued them in.
But it’s not clear that disabling internet access on a drone’s control app would plug whatever hole the military suspects it found anyhow. It’s possible there’s a vulnerability in the way DJI drones remotely interface with its controller, or a way of tricking the drone into leaking data to another user without breaking into the app at all.
It’s also possible the military sees the risk of a drone being hacked into as minimal, but someone didn’t like the idea of any of its data possibly being sent to a private manufacturer in another country, or of US personnel using a commercial drone system at all.
US military use is not Chinese manufacturer DJI’s core target market, though. That the Army uses commercial drones in any capacity at all speaks to a need which will likely be filled in the future by military drones built to specification for use in the field and elsewhere.