#China #Shenzhen #Cybersecurity #Drones #DJI

DJI Unveils Comprehensive Security Assessment Results

DJI, the preeminent name in drone manufacturing, has made headlines with the recent release of an extensive security assessment conducted by the renowned U.S.-based cybersecurity firm, OnDefend. This evaluation marks a significant milestone in ensuring the security and reliability of DJI's drone products, specifically focusing on the DJI Air 3S and Matrice 4E models.

Key Findings from the Assessment

Conducted over five months, the independent security assessment yielded reassuring results: no critical, high, or medium-risk vulnerabilities were identified. The assessment rigorously tested the drones' software, hardware, and radio frequency components. Here are some significant takeaways from the evaluation:

• - No Data Transmission Issues: The assessment found no evidence of any data being sent outside the United States, with all connections verified to be routed through U.S.-based infrastructure.
• - No Backdoors or Unauthorised Access: The testing confirmed that the controllers resisted attempts at unauthorized access, such as jailbreaking and firmware modification.
• - Radio Frequency Emissions: All detected radio emissions were traced back to known operational functions, and no unexplained emissions were found.
• - Supply Chain Security: Importantly, no instances of supply chain tampering or unauthorized hardware modifications were detected, reaffirming the integrity of DJI's components.

While the assessment did uncover ten low-risk findings and thirteen other observations related primarily to application security and session management, none of these posed any significant threats to the safety or security of drone operations. DJI is actively working with OnDefend to address these aspects in future software updates.

Testing Credentials and Process

The assessment was conducted by OnDefend, a team laden with expertise from the military and government sectors, who are known for their thorough and advanced testing methodologies. They employed proprietary technology to probe deeper than traditional security assessments and employed adversarial simulations to validate the robustness of the system against potential threats.

Throughout the testing period, spanning October 2025 to March 2026, OnDefend conducted rigorous hardware and firmware testing that included analyzing components at the silicon level, network traffic assessments, and dynamic application security testing. Many of these tests were designed to simulate real-world hacking attempts, ensuring the drones would remain secure despite various attack styles.

Moving Forward with Security Assurance

Adam Welsh, DJI's Head of Global Policy, highlighted the significance of the findings, stating, "This is the most comprehensive independent security assessment ever undertaken on our products. These results reinforce that our products are secure and emphasize the need for transparency regarding our data practices."

DJI is also requesting policy-makers, particularly the FCC, to consider these independent results in light of the ongoing appeal concerning the company's designation on the FCC Covered List, which has sparked concerns regarding national security.

The implications of DJI’s security stature are particularly crucial considering their vast usage across various sectors, including public safety, agriculture, and creative industries. DJI drones play a vital role in numerous operations, and any restrictions could hinder vital services.

As DJI continues to enhance its security practices, the commitment to maintaining high standards will not only improve consumer confidence but also fortify the operational landscape for the industries reliant on their technology. Stakeholders eagerly await future assessments and innovations from DJI as they strive to lead in both performance and security within the drone industry.

For more information on the assessment, DJI encourages stakeholders to explore the executive summary on their website and visit the DJI Trust Center for comprehensive insights into their ongoing investments in product security.