DJI may be losing one of their biggest clients: the United States army. According to a memo that was going around, the army considers DJI products to be risky, citing cyber vulnerabilities that they had noticed within the product as the primary reason they were cutting all ties with the Chinese tech company. There is a great deal of speculation surrounding the nature of these “cyber vulnerabilities” due to the vague nature of this term.
The Source of The Speculation
There are two reports written by internal parties which probably contributed to the United States army’s decision to eschew all future use of DJI products, both of which were published in May of this year. The first of these two reports were made by the Army Research Laboratory and is titled “DJI UAS Technology Threat and User Vulnerabilities, and the second report was published by the Navy and is titled “Operational Risks with Regards to DJI Family of Products.”
One can infer from the creation of these two reports that the United States military had reason to believe that DJI presented a security risk. After all, they would not initiate investigations into a company without due cause. The army seems to be the only branch of the United States military that suspects security risks associated with DJI products. There is no evidence that the Air Force, Marine Corps or Coast Guard are concerned, although the Navy apparently seems to have some doubts based on their report even though they have not taken any action against DJI. It seems logical that all other branches of the United States military would follow in the army’s footsteps if DJI genuinely does pose a threat.
Outside the military, branches of government have also put a DJI ban into effect. The United States Departments of Energy and Interior are both no longer going to be using DJI products and are prohibiting the use of products manufactured by the Chinese tech conglomerate within their premises. While this information, which has been provided by anonymous sources, has not yet been verified, if this is indeed the case we can expect to see a number of federal agencies following suit very soon.
How Will This Affect Photographers Contracted By The Military?
The memo that the United States army released mentions three hundred personnel that would possess salaried army positions. What is unknown at this point in time is how this sudden change is going to affect contractors, particularly those that are contracted by the United States military in the role of a photographer. Many photographers swear by DJI products and are probably going to be quite chagrined by the fact that they are not going to be able to use their favorite equipment on the job. Many are wondering if the military is going to create some kind of vetting process specifically for DJI products, possibly conducted by an independent third party.
A List of Banned DJI Products
Once the ban was announced, many wondered what products would no longer be allowed. Many assumed that only those products that posed a threat would be prohibited and that a few products would certainly be allowed into military complexes and institutions. However, it turns out that nearly every single DJI product on the market is going to be banned. This isn’t just restricted to hardware either. Any applications or other kinds of software created by or related to DJI or its products are also prohibited. Anyone that is contracted or employed by the United States army is going to have to uninstall DJI software from any tech they possess if they want to take it into military owned premises.
The Nature of The Security Risk DJI Poses
The language that the United states army has used to explain their reasons for not wanting DJI tech to be used within their premises is very vague indeed. They have just cited “cyber vulnerabilities” as the reason for the ban, but this could mean anything. There is no available record of an actual attack that came from a product created by DJI, which means that this ban is a precautionary measure. The military must have a pretty good reason for taking such a precautionary measure because this is not the sort of institution that is predisposed to rash action.
From the evidence that is currently present, it is clear that the main security threat comes from a drone. These camera drones have become increasingly popular in recent times, and a little-known fact about them is that they broadcast their GPS. This is how you are able to tell where your drone is using your sensors. This GPS is transmitted via a radio wave. What this means is that these drones are extremely risky when it comes to covert operations, because they can be used both intentionally as well as unintentionally to spy on United States military sites. Intentional use would involve a mole infiltrating US military premises and broadcasting what they see, and unintentional use would involve someone using a drone and not realizing that someone has hacked into the transmission and can see every single thing that they can. This could potentially reveal things as serious as military exercises, the units present within a particular area as well as how active a certain military base is. All of this information could potentially be used by hostile entities to do some serious harm. This risk is particularly pertinent when you consider the fact that DJI apps are also receiving this data, and these apps are far easier to hack than military grade software which is usually thoroughly encrypted and encoded.
Potential Exploiters of This Security Threat
There are a number of different entities that would be interested in exploiting this security threat. Anyone with decent equipment and hacking know how could hack into the broadcast and see everything that the drone is seeing. For example, about eight years ago, terrorists in Iraq were able to use easily accessible software to hack into feeds that were being broadcast live from Predator drones owned by the United States military. This allowed them to get intelligence that made US military operations impossible to complete successfully.
Additionally, there is a serious problem with DJI drones related to encryption. The radio signals that are broadcast from these drones are not encrypted in any way, which makes these drones extremely easy to hack into. An example of how easy this company’s drones are to hack into can be seen in the fact that a Russian company was able to modify the firmware of particular drones to override limitations that prevented the drones from entering no fly areas. While DJI did claim that they have removed this firmware modification and have made it impossible for it to happen again, it should be noted that this was extremely easy to do the first time around. Hence, there is always going to be a chance that drones made by DJI would be vulnerable to attack via outside parties. We have already learned about how the CIA was able to use smartphones to spy on people. This shows that a DJI drone can also be extremely dangerous, as it can be used through similar means and makes a much more useful spy device.
It is also important to address the elephant in the room: DJI is a Chinese company. It is not breaking news that the United States does not have the best relationship with China. Indeed, after the cold war, these two countries have been rivals through and through. China has consistently been at the forefront of computer based warfare techniques and is one of the only countries that could truly match the power possessed by the US itself. Hence, the United States army might be suspicious about DJI, suspecting that the company might be a front for a Chinese agency that wants to gain intelligence on military tactics and other aspects of the US army.
It should be noted that DJI is a private organization, at least from what evidence can be easily found. There is no evidence stating that DJI has any connections with the Chinese government, nor has the company behaved in such a way that would make it seem like it wants to obtain government contracts. That being said, companies in Silicon Valley don’t have any overt connection to both the US government as well as the US military, but in spite of this, the Edward Snowden leaks proved that there was some aspect of the tech industry working in conjunction with the intelligence agencies based in the US. Intelligence agencies such as the NSA seemed to have unhindered access to the servers of companies as big as Facebook and Google, and all of these shady on goings occurred in one of the most powerful democracies in the world. Hence, it is understandable that the US military would be afraid of China doing something similar to this
How DJI Reacted To This Ban
DJI’s reaction to this ban has been rather odd, all things considered. They had apparently not been informed about the ban and were “surprised and disappointed” when they found out about it according to the verge. The United States military had apparently failed to communicate to DJI that they felt that their products were unsafe. According to the report, DJI is going to try and reach out to the US military and attempt to ascertain the source of the security threat and deal with it. It is unknown if the military would be willing to engage, however. They seemed pretty adamant about banning the use of all DJI devices, and are probably not going to want anything to do with the company anymore.
About half a decade ago, Huawei faced circumstances similar to the ones that DJI is facing right now. This Chinese company was also suspected to be influenced by the government and was investigated as a potential state actor. The legal imbroglio stretched on for several years, with the case going to court several times. There was no evidence that Huawei had anything to do with the government, so the case did not actually lead to anything at all. This case might be similar, but you never know. When you are looking at a world of espionage and cyber warfare, it can be easy to become complacent because the evidence is never properly visible. Maybe this time around the United States army is actually on to something. If the allegations are true, then DJI presents a threat not just to the United States military but to the entire country. Only time will tell whether the ban is justified or not.
It should be noted that the fact that only DJI is being banned is rather odd. It is not the only drone manufacturer based in China. Indeed, there are some other companies that manufacture drones as well, and their encryption is no better than that of DJI. Why, then, is DJI being targeted? These other drones have cameras and broadcast over an easily hackable frequency too, after all. While it is important not to speculate too much or make any undue claims at this point in time, the fact that only DJI out of all of the Chinese drone manufacturers is being banned is rather odd and is certainly a worthy line of inquiry. The majority of smartphones in America are created by American companies, and yet so many of our drones are Chinese. It is possible that the US military will be looking into this at a later date.