DJI’s Latest Security Audit Challenges US Concerns Over Chinese Drones

Alysa Gavilan

Alysa Gavilan has spent years exploring photography through photojournalism and street scenes. She enjoys working with both film and mirrorless cameras, and her fascination with the craft has grown over the decades. Inspired by Vivian Maier, she is drawn to capturing everyday moments that often go unnoticed.

DJI Air 3S Drone

DJI says an independent cybersecurity assessment found no major security risks in two of its drone systems, adding a new chapter to the company’s ongoing dispute with US regulators over national security concerns.

The drone maker released findings from a review conducted by US-based cybersecurity firm OnDefend, which examined the DJI Air 3S and DJI Matrice 4E platforms between October 2025 and March 2026. According to the report, testers found no critical, high, or medium-risk vulnerabilities during extensive software, hardware, and radio frequency analysis.

Among the findings, OnDefend reported no evidence of data transmission outside the United States, no hidden backdoors, no unauthorized remote access mechanisms, and no unexplained radio frequency emissions. 

The firm also said it found no signs of supply chain tampering or undocumented hardware modifications. Ten low-risk findings were identified, primarily involving application security configurations and wireless hardening measures. 

DJI said it is working to address the remaining issues through future software updates.

DJI commissioned the assessment, but the company said OnDefend conducted the testing independently. Consumer drones were reportedly purchased through normal retail channels without notifying DJI beforehand, while enterprise units came from dealer inventory.

The testing included firmware analysis, network traffic monitoring, hardware teardowns, radio frequency scanning, and simulated attacks designed to test how the systems responded to attempts at manipulation or unauthorized access.

DJI argues that the findings support its long-standing position that security concerns surrounding its products have not been supported by technical evidence. 

dji

A Timeline of DJI’s Clash With Washington

Concerns about DJI’s ties to China have circulated in Washington for years, but pressure intensified in 2024 when lawmakers advanced the proposed Countering CCP Drones Act, legislation aimed at restricting DJI’s access to the US market. The measure passed the House of Representatives but was not ultimately included in the final National Defense Authorization Act at that stage.

Instead, Congress adopted a separate review process through the FY2025 National Defense Authorization Act. That measure called for a national security assessment of DJI products before the end of 2025. According to DJI and multiple reports, the review was never completed before the deadline.

In December 2025, the FCC added DJI and other foreign drone manufacturers to its Covered List. The move blocked authorization of new drone models for sale in the US, although existing approved products remained legal to use and purchase.

DJI filed legal challenges in 2026 and has continued to push for what it describes as an evidence-based technical review.

Hand holding small gray DJI Spark compact drone with teal accent stripe outdoors, propellers spinning, natural blurred green background, demonstrating portable palm-sized aerial photography quadcopter size and design.

What This Means for Drone Users

For photographers, filmmakers, surveyors, and public safety agencies, the audit does not immediately change the regulatory landscape. Existing DJI drones remain widely used across industries, but restrictions on future product approvals could affect what equipment becomes available in the US market in coming years.

DJI argues that limiting access to its products could increase costs and reduce available options for users who rely on drones for aerial imaging, inspections, agriculture, and emergency response.

At the same time, national security concerns raised by lawmakers have never been limited to software vulnerabilities alone. Questions about supply chains, foreign ownership, geopolitical risks, and dependence on Chinese technology remain part of the broader debate.

A Reminder About Independent Audits

While the report will likely strengthen DJI’s arguments, it should also be viewed in context.

The assessment examined specific hardware, firmware, and software versions during a defined testing period. OnDefend itself noted that ongoing testing remains necessary as products evolve through updates and new releases.

Independent security reviews can provide valuable technical evidence, but they are snapshots in time rather than permanent certifications. 

As drone technology becomes more connected and more integrated into critical industries, scrutiny from governments and security researchers is unlikely to fade anytime soon.

For DJI, the report may help its case. For the broader drone industry, it highlights how cybersecurity, politics, and technology have become increasingly difficult to separate.


Filed Under:

Tagged With:

Find this interesting? Share it with your friends!

Alysa Gavilan

Alysa Gavilan

Alysa Gavilan has spent years exploring photography through photojournalism and street scenes. She enjoys working with both film and mirrorless cameras, and her fascination with the craft has grown over the decades. Inspired by Vivian Maier, she is drawn to capturing everyday moments that often go unnoticed.

Join the Discussion

DIYP Comment Policy
Be nice, be on-topic, no personal information or flames.

Leave a Reply

Your email address will not be published. Required fields are marked *