#USA #Shenzhen #DJI #Drone Security #OnDefend

DJI's Comprehensive Security Assessment: Ensuring Drone Integrity

In a significant move for transparency and security, DJI, one of the world's foremost drone manufacturers, recently published the results of an exhaustive independent security evaluation of its drone systems, particularly focusing on the Air 3S and Matrice 4E models. Conducted by OnDefend, a reputable U.S.-based cybersecurity firm with experience consulting for national security agencies, this assessment represents the most detailed examination of DJI's products to date.

The Assessment Process

The evaluation spanned over five months, during which OnDefend subjected the two drone systems to rigorous tests, encompassing software, hardware, and radio frequency assessments. The evaluation was conducted independently; all units tested were acquired from retail outlets without prior notification to DJI, ensuring unbiased results. This level of scrutiny reflects DJI’s commitment to maintaining high standards of security and reliability in their products.

Key Findings

The report found no critical vulnerabilities or medium-risk issues during the assessment. More specifically:

• - No Data Transmission Outside the U.S.: There was no evidence of data being transmitted outside the United States. All observed connections from DJI's flight control applications were routed through U.S.-based infrastructure, ensuring compliance with local regulations.
• - No Unauthorized Access Mechanics: The evaluation confirmed that no backdoors or remote access mechanisms existed within the systems. The controllers resisted all attempts to jailbreak and modify firmware, illustrating the robustness of DJI's software security.
• - No Unexplained RF Emissions: Throughout testing, no unexplained radio frequency emissions were identified. All signals detected were linked to known system functions, and any new emissions were clarified as being standard signal generation artifacts.
• - No Supply Chain Alterations: The assessment found no unauthorized material modifications or supply chain disruptions, posing no significant risks to hardware integrity.

Minor Risks Identified

While the evaluation did not reveal any major vulnerabilities, ten findings of low risk were noted, alongside thirteen observations concerning application security configurations, session management, and wireless security hardening. Notably, these issues posed no significant threat to drone operation safety or data confidentiality. DJI is actively working with OnDefend to address these findings in future software releases.

Commitment to Transparency

Adam Welsh, DJI's Global Affairs lead, emphasized that this independent evaluation underscores the company’s commitment to safety and transparency in data handling practices. He stated, “These conclusions reinforce the assertion that DJI products are safe and that concerns leading to our listing on the FCC Covered List are not supported by technical evidence.” DJI requested that the FCC consider these findings seriously amid ongoing appeals and has expressed a strong willingness to engage constructively with relevant authorities.

Understanding OnDefend’s Role

OnDefend was selected due to its unique capability in conducting advanced security assessments that identify national security risks across software, hardware, and supply chain integrity. The firm employs proprietary testing technologies that extend beyond conventional security evaluations, utilizing advanced imaging and silicon-level analysis techniques.

Looking Forward

The assessment highlights a crucial period in the evaluation of drone security, particularly concerning data sovereignty and potential vulnerabilities in drone technology. OnDefend has recommended ongoing independent validation to keep pace with software updates, ensuring that DJI’s products remain secure and reliable.

As drones become pivotal in sectors like public safety, agriculture, and emergency response, this rigorous assessment bolsters confidence among users and stakeholders alike. With over 80% of law enforcement agencies in the U.S. relying on DJI technology for essential operations, the significance of these findings cannot be understated.

For those interested in exploring the detailed report and DJI’s ongoing commitment to security, more information can be found in the executive summary linked through the DJI Trust Center.

In conclusion, DJI's proactive approach to security through comprehensive independent evaluations sets a significant precedent in the drone manufacturing industry, emphasizing the importance of transparency and upholding public trust in technology.