#USA #Shenzhen #DJI Matrice 4E #DJI Air 3S #OnDefend

DJI Releases Comprehensive Security Assessment Results for Its Drone Systems

DJI, the premier drone manufacturer globally, has announced the results of the most thorough independent security assessment conducted on its products. This assessment was authorized by DJI and executed by OnDefend, a cybersecurity firm based in the United States, recognized for its reliance by national security agencies and corporate sectors.

The evaluation specifically focused on the DJI Air 3S and the DJI Matrice 4E, put through advanced adversarial tests covering software, hardware, and radio frequency aspects. To ensure the integrity of this assessment, consumer units were procured directly from retail stores without prior notice to DJI, while enterprise units were sourced from existing dealer stock. All tested devices conformed to the standard U.S. market distribution.

Key Findings of the Assessment

The assessment revealed zero critical, high, or medium risks associated with the systems evaluated. Here are some key points:

• - No Data Transmission Beyond U.S. Borders: There were no indications of data being sent outside the U.S. All connections from DJI’s flight control applications were linked to infrastructure within the country.
• - Absence of Backdoors: The assessment found no backdoors or mechanisms facilitating unauthorized access. The control devices successfully resisted attempts at jailbreaking and firmware modification.
• - Clear Radio Frequency Emissions: No obscure radio frequency emissions were detected. All signals captured were linked to known system functionalities. Emissions previously undocumented by the FCC were confirmed as normal artifacts of signal generation methods, not hidden channels.
• - No Supply Chain Manipulation: There were no manipulations in the supply chain or unauthorized modifications to hardware.

Identified Low-risk Findings and Mitigation Measures

While ten minor risks and thirteen observations were reported, these aligned with industry standards for complex mobile and embedded systems. They predominantly related to application security configurations, session management, and wireless connectivity. Importantly, none posed a realistic threat to safe drone operation or significant exposure of confidential information. DJI has been collaborating with OnDefend on potential remediation strategies throughout the review process and is addressing any outstanding issues in upcoming software updates.

Insights from OnDefend

"During the testing period, OnDefend found no clear evidence of hidden backdoors, no data transmission beyond the U.S., and no realistic potential for misuse or militarization," noted OnDefend representatives. They recommend ongoing testing of firmware and software upgrades, alongside continuous monitoring for hardware and chip integrity.

According to Adam Welsh, DJI's Global Policy Lead, "This is the most comprehensive independent security assessment ever conducted for our products. These results verify our longstanding stance that our products are safe and our data practices are transparent. Concerns leading to our classification on the FCC Covered List are unsubstantiated by technical evidence. We initiated this independent review because we believe that facts should dictate political decisions."

Testing Overview and Details

The assessment spanned from October 2025 to March 2026 and was structured around three national security themes: data sovereignty, hardware vulnerabilities, and drone manipulation risks. OnDefend implemented hardware and firmware examinations that extended beyond conventional cybersecurity evaluations, leveraging proprietary technology for complex dismantling, radio frequency, and silicon analyses designed to uncover unauthorized transmission paths, camouflage, fake components, undocumented modifications, hidden antennas, and broader supply chain risks.

Software evaluations included both static and dynamic security tests of DJI's applications, such as DJI Fly and Pilot 2, involving complete network traffic analysis in both standard and local data modes, and adversary simulations, including Man-in-the-Middle attacks, certificate circumventions, privilege escalations, and jailbreak attempts.

In hardware assessments, OnDefend conducted wide-spectrum scanning of radio frequencies from 1 MHz to 6 GHz, hardware disassembly, and PCB-level component analysis, as well as checks on supply chain integrity and radio frequency exploitation tests.

Why OnDefend Was Chosen

OnDefend's offensive security team is composed of professionals with vast operational experience in national security from the U.S. military and government. Specializing in advanced adversarial testing, the firm is equipped to recognize risks to national security, supply chains, and technological integrity across software, hardware, and systems environments. Their unique testing technology employs AI-driven imaging and silicon-level analyses to detect unauthorized transmission paths, counterfeit components, and undocumented hardware modifications—features typically absent from standard hardware security evaluations.

Context of the FCC Covered List

DJI's inclusion in the FCC Covered List in December 2025 was not accompanied by any identification of documented security vulnerabilities. DJI has contested this classification and consistently called for a transparent, evidence-based technical review.

In the U.S., DJI's drones are extensively deployed across public safety, agriculture, infrastructure, and creative sectors. Restrictions on access to this technology could adversely affect operational capabilities, business continuity, and cost structures for users in these fields.

• - Over 80% of local and state law enforcement agencies utilizing drones rely on DJI for search and rescue missions, accident reconstructions, crime scene documentation, and tactical surveillance.
• - 43% of commercial drone users fear that limitations on DJI could lead to extremely negative or even life-threatening outcomes for their operations.

DJI remains a standard in aerial cinematography, journalistic endeavors, and documentary production. Further information about this assessment can be found in the Executive Summary and DJI Trust Center, detailing DJI's ongoing commitment to product safety and independent reviews.