DJI’s Commitment to Data Security | Why are DJI Drones Safe to Use? Since DJI was founded in 2006 the company has gone from a niche hobbyist RC drone manufacturer to the single largest commercial drone manufacturer in the world.
Although this growth has been fantastic for the Chinese manufacturer it has come with a huge amount of responsibility with operator data. It is important to know that personal data, flight records, media, positioning information, and mobile phone data are all respected by DJI and only available to the company on an opt-in basis. For DJI, data security has been one of the top priorities. The company even runs a ‘Bug Bounty Program’ which incentivises researchers to find vulnerabilities in its platform with rewards of up to $30,000. This incentivised search for weaknesses demonstrates the company’s commitment to protecting your drone and data from third party attacks.
DJI state that:
“Your location data is never collected”
“You can choose not to sync your flight logs, photos, or videos with DJI services”
“Drone GPS log data is never collected”
“DJI does not collect mobile data”
“User experience information can be kept private by simply opting out of data collection”
“We do not sell user data to advertisers”
DJI’s Independent Audits
Many of us trust DJI to handle our data with due care and not act in bad faith. However, no matter how trustworthy any entity may be, independent audits are of very high value. Not only to the general public, commercial operators, and governments but also to DJI itself. Independent audits can highlight potential risk vectors much like ‘ethical hacking’ does with modern IT systems and software.
DJI has had several independent audits since 2017 on its data security and each audit has found no evidence of misuse of operator data. Misuse includes the covert transmission of data such as flight records and positioning information to third parties. Third parties include the Chinese government, private corporations, and the public at large.
Audits have been performed by globally recognised and respected agencies from the United States which include;
U.S. National Oceanic and Atmospheric Administration
U.S. Cybersecurity Firm Kivu Consulting
U.S. Department of Interior
Idaho National Laboratory for the U.S. Department of Homeland Security
Booz Allen Hamilton for PrecisionHawk
Device Media Storage
In most cases, drone operators will not be flying over site-sensitive locations on an ongoing basis. However, it still remains an important consideration for operators to have full control over their data. Whether it is a photogrammetry mission over a prison or a local test flight in an open field, the knowledge that your own images are stored securely is important.
The Mavic 2 Enterprise has password protection for onboard media storage giving extra security to operators. Alongside this platform, there is the Matrice 300 RTK & Zenmuse H20 which combine to allow SD card encryption. Neither DJI nor anyone else can access this information once a password is set. DJI does not have access to this password.
As well as this, 2017 saw DJI introduce ‘Local Data Mode’ or ‘Privacy Mode’. The feature blocks any transmission of data to DJI flight apps or the internet. One important feature of this mode is the ability to enable maps that will connect only to an external map service while keeping all other connections switched off. This allows the background map to be streamed to the controller. The latest M300 V3 update allows encrypted flight data to be stored on a U.S based Amazon Web Service (AWS) server even when in Local Data Mode. For higher levels of security, a private cloud option can be set up to totally separate from the DJI data infrastructure.
The company states, “DJI customers concerned about data security can use Local Data Mode in the DJI Pilot flight control app, which stops all internet traffic to and from the app to provide enhanced data privacy assurance for customers flying sensitive missions.”
DJI’s Commitment to Data Security | Why are DJI Drones Safe to Use? – DJI’s Commitment to Data Security
In response to the U.S government’s concern over DJI’s Chinese origin and current home, DJI have put it simply. “Your data is none of our business”. As previously mentioned, since 2017 has undergone several major audits of its data security situation. As of today, its drones have been cleared for official government use in the U.S which is a milestone in the company’s commitment to data security.
That being said, DJI may not be the one to worry about but who is? For most operators, third party attacks on drones most often consist of high winds or aggressive birds rather than diligent hackers waiting in the shadows. However, for higher levels of security where data may be more important or sensitive DJI latest innovations will impress even some of those most concerned.
Innovations such as AES-256 encryption between the controller and drone, multilayer protection on AWS cloud storage, entirely erasable data as well as the previously discussed Local Data Mode are top examples of DJI’s current and future commitment to the data security of its operators from hobbyists to government level professional.
Survey Drones Ireland, is Ireland’s only DJI Enterprise Official Silver Partner. For more information, contact one of our experts at Survey Drones Ireland who will be more than willing to assist you in finding what suits your needs.
If you need further advice on this please send us an email to firstname.lastname@example.org or fill in the contact page on this website.