Chinese drone company DJI has been under scrutiny recently for its drone tracking system after Ukraine’s Vice Prime Minister accused it of helping Russia to kill civilians. DJI initially assured users that the system was encrypted. However, evidence has come to light that this is not true, and the information is, in fact, free for all to grab.
The system, called DJI AeroScope, allows users to pinpoint the exact location of a drone pilot. Of course, DJI didn’t intend for it to be used in warfare and has since stopped shipping its products to both Russia and Ukraine.
DJI initially insisted that the position of every drone user was encrypted. However, in a new twist to the whole story, a hacker has allegedly found evidence that this isn’t the case. The AeroScope signals broadcast by every modern DJI drone aren’t actually encrypted, and technically, anyone or any government with the correct technology doesn’t even need AeroScope to see the exact location of any DJI drone pilot.
Although DJI spokesperson Adam Lisberg and drone forensics expert David Kovar said that the signals were encrypted, after repeated probing by Kevin Finisterre, DJI has reluctantly admitted to The Verge that they actually aren’t.
Long story short it means that @adamlisberg needs to provide an updated comment to @StarFire2258 stating that his engineering staff misspoke & that @DJIFlySafe @DJIEnterprise @djiglobal @djisupport #AeroScope #DroneID #RemoteID packets are NOT *encrypted*. https://t.co/7y9xodwIoh pic.twitter.com/FJn1a2QZyV
— KF (@d0tslash) April 19, 2022
It’s interesting, however, that DJI initially intended the tracking system to be used by multiple drone manufacturers, so it’s not entirely surprising that it isn’t encrypted. By 2023 the US government plans to have mandates in place that ensure that your drone broadcasts your physical location. It’s unlikely to be opt-out, and those signals most likely won’t be encrypted either, according to DJI’s former VP of Policy and Legal Affairs Brendan Schulman.
Within the industry, it's clear that the ASTM standard will be the means of compliance (i.e. Bluetooth and WiFi protocols). https://t.co/YN93onbg3s
— Brendan Schulman (@dronelaws) April 29, 2022
It’s interesting and unfortunate that this tech is being used and tested in a war situation for purposes it was never intended for. But it does call to mind the wider responsibility that both tech companies and governments have in protecting citizens, both in terms of their data and how that corresponds to real physical security.
I think that we must assume that if technology can be used for nefarious purposes, it most likely will be, and companies need to keep that in mind with their products.