DJI Promises 'Local Data Mode' To Fend Off US Government's Mooted Ban (theregister.com) 47
An anonymous reader quotes a report from The Register: Chinese drone maker DJI has commissioned yet another security audit with FTI Consulting that's given it a clean bill of health, as the US government reportedly prepares to ban its remote controlled aircraft from American skies. DJI, whose headquarters are in the Chinese city of Shenzhen (the firm's full name is Shenzhen Da-Jiang Innovations Technology Company) has reacted to claims that US regulators intend shutting it out of their market by announcing that a new "local data mode" will be implemented.
In a statement DJI said its local data mode "eliminates internet connectivity and prevents the transmission of all drone data over the internet," promising to add this to its DJI GO4 and DJI Fly flight control apps "within the coming months." "This expansion brings Local Data Mode to operators of all recent DJI drones, allowing commercial and government customers, including public safety agencies and other federal, state and local government users, to confidently choose the best DJI drone for each mission," boasted the firm, which, perhaps justifiably, claims to have a dominant position in the global small drone market.
In a statement DJI said its local data mode "eliminates internet connectivity and prevents the transmission of all drone data over the internet," promising to add this to its DJI GO4 and DJI Fly flight control apps "within the coming months." "This expansion brings Local Data Mode to operators of all recent DJI drones, allowing commercial and government customers, including public safety agencies and other federal, state and local government users, to confidently choose the best DJI drone for each mission," boasted the firm, which, perhaps justifiably, claims to have a dominant position in the global small drone market.
But (Score:4, Insightful)
Do you trust them not to have a backdoor?
Re: (Score:3)
You are clearly unfamiliar with the adage 'knowledge is power'.
The amount of data potentially gleaned by China through inadvertent drone surveillance would be more powerful than all the nuclear weapons that have ever been produced.
Not inadvertent - federal govt uses them on purpos (Score:3)
> The amount of data potentially gleaned by China through inadvertent drone surveillance
I don't know that it would really be "inadvertent". The proposed ban is on US federal agencies buying new DJI drones for use by the government. If the federal government is using a drone to look at something and take video / pics of it, the govt is doing that on purpose, because the area is of interest to the federal government.
For China to say "hmm, anything that the US federal government wants to look at might als
Re: (Score:1)
You make it sound as if DJI is streaming a live feed from your drone to some creepy dude in China. Most of what gets uploaded when you sync to the cloud (which already is a feature which can be optionally disabled) is the operational and GPS data logged by the drone, and a low resolution thumbnail image.
Furthermore, hobby drones still aren’t that ubiquitous. If China really wanted to collect geographical data and snoop on Americans, a smartphone app would be the way to go. I’m just saying...
Re: (Score:2)
"The amount of data potentially gleaned by China through inadvertent drone surveillance would be more powerful than all the nuclear weapons that have ever been produced." :)
Re: (Score:2)
:) :)
Re: (Score:2)
That depends on what you view as end goal. If you find end goal of total destruction of current human civilization, nukes are the ultimate weapons.
But if you note that MAD exists and you want to keep your civilization working through and after any great power conflict, they're not useful for anything other than ensuring that nukes or a mass World War style warfare aren't used against you. As a result in MAD scenario such as one we live in today, knowledge is far more powerful than nukes in many great power
Re: (Score:2)
What utter bullshit. For a start someone would have noticed if gigabytes of video data was being exfiltrated from phones.
China has spy satellites. It has commercial airlines that fly to the US and over it. If they really wanted to they could just send some guys with orange jackets to do photogametry of the target area, just like many US companies do on a regular basis. There is absolutely no need to steal drone footage and if they did it would only give the game away and help the US identify which targets t
Re: (Score:2)
Spy satellites, for all the Hollywood hype are extremely limited in scope of what they do and have virtually no loitering ability. That's why there are many reconnaissance aircraft flying right now near borders of various great power. It's why we have Open Skies. It's why everyone is massively investing in MALE reconnaissance drones.
Re: (Score:2)
Using drones for aerial bomb deliveries is very old art at this point. It's why US Army suddenly is commissioning close range mobile point defense weapons and and EW modules from everyone who can promise to be able to mount them on Strykers and military trucks today. It comes from realization that even with US Air Force maintaining total air supremacy, small drones remain being operable against them. Because they're often portable enough to be carried in a backpack, and even those that are larger rail launc
Re: (Score:2)
Do you trust them not to have a backdoor?
If you've set that mode and don't provide an internet connection for it, what is a backdoor to do?
All of my electronics are made in China (Score:2)
Re: (Score:2)
No but I trust Wireshark and the fact that many, many other people will be checking to see if this feature works as advertised.
Another option is to simply install a firewall on your phone. On Android there are several available, no root or anything like that needed. Some can block ads via a hosts file too (sorry APK).
Re: (Score:2)
Do you trust them not to have a backdoor?
The USA Department of Interior does, unfortunately for them their detailed assessment of DJI wasn't more powerful than Trump's hardon against Jhina and therefore they were forced to remove DJI from USA government programs despite a long and successful history in the field and analysis in the lab.
"Consulting"?! LMAO! (Score:4)
I have just one thing to comment on this - See the history of Arthur Anderson Accounting sometime.
When I see an INDEPENDENT audit of a drone that is RANDOMLY chosen, then I will take it a little more seriously.
Re: (Score:2)
Do you honestly think that if the US government asked for an independent audit, DJI allowed it and it came back clean the administration would relent on this ban?
Do you really believe that the NSA hasn't already stolen the source or reverse engineered the apps and determined that they don't in fact represent a security risk?
Re: (Score:2)
No, because DJI cannot allow such an audit, as it would require removal of data vital to national security of PRC. As of a few months ago, PRC very publicly informed the world that they have a new law that specifically and explicitly forbids any company from giving access to such data to foreigners.
Re: (Score:2)
So, they hired this consulting firm to audit them
Yes this is pointless. The Department of Interior already audited them and gave them the thumbs up for continued use for government operations. Then along comes an angry little orange racist in a MAGA cap.
My first thought (Score:4, Insightful)
Frankly, best thing to do is avoid Chinese anything. I know it is hard, heck most everything I ordered online "is" made is China. But you can do it over time, if you start the purchase process with that in mind.
Over time things will reset. After all, been my experience that Chinese stuff does not last very long. I do think you can buy items with a better over all ROI that are not made in China.
Re: (Score:1)
Easier said than done. You’d be surprised how many supposedly made in the USA products are assembled here from Chinese-sourced components.
Re:My first thought (Score:5, Insightful)
A better approach than avoiding "Chinese anything" might be avoiding "cloud anything". Even if China were the only possible enemy (and it's not), you wouldn't know who China might have infiltrated, or what might have slipped into the supply chain.
If arandom device demands to talk to the Internet, it should have a damned good reason. A toy helicopter doesn't have a good reason. Not even for the no-fly database; there are other ways you could give it access to that.
Congratulations to DJI on dropping the need for that access. That might even make their product usable.
Re: (Score:2)
Yeah I'm more concerned about the absolute negligence we see demonstrated almost daily in cloud-based systems. There's no real difference between China (or any other Nation State or unaccountable corporation) getting data through products they themselves sell, or harvesting it out of some unencrypted mongodb some contractor's employee left in the cloud. And it's not necessarily a matter of "oops, I did it again." All companies could be rife with employees selling data out on the criminal or espionage mar
Re:My first thought (Score:4, Interesting)
And use what? Made in America, we know has back doors as well as America having extradition treaties and the muscle to force extradition or worse, plain old kidnapping.
With 2 million in prison and a police force with qualified immunity so they can execute people for the flimsiest reasons and a long history of attacking their own citizens, little well other peoples like any Central American country that votes the wrong way, they're more of a threat to my freedom then China, which at least is far away and has little leverage.
The real problem here is that America can't compete, so they have to ban the competition. That way we can revisist the Made in America automobile that didn't last 100,000 miles.
Re: (Score:2)
I find the best option is to buy Chinese and replace the firmware with your own. You get great low cost, high quality hardware and great open source firmware.
3D printers are a good example. The Ender Pro 3 is an excellent device, well supported by both Ender and the community, the stock firmware is decent but there are plenty of open source ones, you can even replace the controller with your own if you like. Many IP cams are similar, buy decent but cheap hardware and replace the firmware for a top notch sec
Re: (Score:2)
Good solution but for the most paranoid, there's always the possibility of a hardware backdoor. I guess if you have something to hide from the intelligence community, who is unlikely to be looking for the average persons banking info or such, is defense in depth. Encryption, firewall, new firmware, etc.
Re:My first thought - Crippleware (Score:2)
Why are people so unclear in their language? (Score:3)
From what I've read, "as the US government reportedly prepares to ban its remote controlled aircraft from American skies" is simply incorrect. It's wrong, sloppy language and leads to confusion. I was under the impression they were going to ban it from being purchased by the US Federal government, no?
So, are kids these days (anyone under 35) not getting proper English classes and learning how to properly and clearly present facts in a way that isn't confusing or wrong?
Indeed, by the federal gvt. On purpose? (Score:2)
> not getting proper English classes and learning how to properly and clearly present facts in a way that isn't confusing or wrong?
Could be that, or it could be that particular people are mistating the facts on purpose (lying).
Re: (Score:2)
Yeah, it's too bad. If the US banned DJI drones I could probably get one cheap.
FANGMAN need to provide this all over the world (Score:2)
Good, But... (Score:1)
This is purely a good thing. There was never a valid reason for DJI's instance that even the batteries phone home whenever you try to do anything with them.
Fuck every one of these phone home spyware producing companies.
It looks like the U.S. Government is making DJI drones better fro everyone.
The only problem is, should I trust them? Nope, firewall blocking will instantly tell me if they try to phone home even a single ping packet. And then their reputation is destroyed.
Someone enlighten me (Score:2)
All maintenance and updates should be handled by plugging the thing directly into a computer via USB cable, all video transfers can be done via bluetooth or, again, via direct connection.
Why?
AC Posts? (Score:1)
How are these AC posts showing up when Slashdot supposedly disabled AC posting?
Re: (Score:1)
Logged in users can still post as AC.
It's all of us regular users who prefer to be anonymously smarmy.
Re: AC Posts? (Score:1)
I can't. When I tick the 'Post Anonymously' checkbox the reply is refused, even while logged in.
Re: (Score:3, Informative)
DJI’s drones automatically download a NFZ database, which actually is updated quite frequently as NOTAMs are posted for sporting events, presidential visits, etc. It’s not something that would be needed if all drone pilots were responsible and did their due diligence before taking off, but there’s a lot of idiots out there who’ve ruined it for the rest of us.
Re: (Score:2)
Everything is moving to being connected to the internet, that's what 5G is for. From your light bulb to your car, all feeding data back to their manufacturer or their partners. Data is the new gold, the companies that specialize in data like Google and especially Facebook are some of the largest and most powerful companies in the world.
Karma (Score:3)
DJI was hoping to edge out amateur-built drones, and little Timmy's model airplane along with them, by encouraging a RID system that only the big companies could comply with. So I don't see why we shouldn't throw out as well.
Background:https://slashdot.org/comments.pl?sid=17028051&cid=60434011 [slashdot.org]
What happens when it comes back online? (Score:2)
So, recently, I was a visual observer for a Sheriff's deputy pilot flying a Matrice with FLIR. We were looking for a missing hiker. The damn drone insisted on connecting to the internet before it would allow us to launch. While we were only a few miles from town, cellular service was spotty and it took about a half an hour before we were able to make a connection. Turns out that the only thing it needed to do was to find out if there were any software updates. There was no way to tell it "Yeah, yeah, I