DJI Expands Knowledge Privateness Protections For Authorities And Industrial Drone Operators – Drones Information
After the new cybersecurity audit, the local data mode function will be made available to more DJI drones to cut off the internet connection and prevent the transmission of drone flight data
September 9, 2020 – DJI, the world’s leading provider of civil drones and aerial photography technology, will make Local Data Mode a user-friendly and effective data protection feature that eliminates the internet connection and prevents the transmission of all drone data over the internet, available in the flight controls -Apps DJI GO4 and DJI Fly in the coming months. The function has been available for DJI drones via the DJI Pilot app since 2017. Today’s commitment to expanding the availability of this feature follows an independent review and validation of DJI’s local data mode and drone products by FTI Consulting (FTI), a global leader in cybersecurity.
This expansion brings local data mode to the operators of all newer DJI drones, so commercial and government customers, including public safety agencies and other federal, state and local government users, can confidently choose the best DJI drone for each mission. All DJI drones offer their users data security protection by allowing them to decide whether and when their drone data is released externally. The local data mode offers government and business customers additional security that the data generated during the drone operation is effectively protected. It’s an internet connection shutdown feature within DJI’s command and control applications that, when activated, prevents the app from sending or receiving data over the internet. With this feature, drone operators can easily and effectively disconnect all network connections from DJI’s mobile applications and prevent data from being transmitted to DJI or other parties.
“For commercial and government customers who generate highly sensitive data and work with strict data security protocols, Local Data Mode provides a simple and effective operator-controlled guarantee that no data from their flights is being transmitted over the Internet,” said Brendan Schulman, vice president for politics and law at DJI. “This extended feature for DJI customers builds on the results of the independent analysis by FTI and shows once again that DJI enables its customers to protect their data.”
Independent cybersecurity audit validates the local data mode
FTI recently conducted an analysis of DJI hardware and software, including a review of the source code of DJI applications as well as a hardware cybersecurity review of devices. All DJI products were independently sourced for testing purposes, and DJI provided FTI with access to more than 20 million lines of source code for an exam that focused on understanding communication protocols and goals. The summary of the full analysis by FTI is available for download under this link.
The FTI audit showed that when the local data mode was activated, no data generated by the drone or application was sent externally to the infrastructure operated by third parties, including DJI, which verified the statements made by DJI about the usefulness and function of the function. FTI also found that using local data mode with the Allow Map Services feature enabled, which gives operators additional in-flight situational awareness, resulted in data being sent and received only to a trusted third-party American map provider, Mapbox. FTI’s assessment also confirmed that DJI employs a variety of security best practices.
How local data mode works
DJI drones are controlled by flight control apps that run either alone or in conjunction with a remote control on smartphones or tablets. They routinely communicate with DJI and third-party servers over the Internet. Through this communication, the apps check for software and firmware updates and receive relevant localized data for flights, including maps to be displayed on the app screen. Geofencing restrictions, including government-issued temporary flight restrictions; Radio frequency and radio power requirements for the flight region; and other information that improves flight safety and functionality.
There are two options for activating local data mode, just activating local data mode and activating local data mode together with the map service request. Enabling local data mode will stop all communication from the DJI app to and from the internet, ensuring drone operators that all data remains local and fully under their control. If operators want to use the network-based map services that are available via the DJI apps in local data mode, they can activate the “Allow map services” function to access them, so that Internet communication is only possible with the server of the American map service provider Mapbox. Other apps on a smartphone or tablet are not affected by using local data mode.
Additional protection for commercial and government customers
For commercial and government customers who want advanced drone fleet management features offered by the DJI FlightHub software, the FTI analysis also did not reveal any evidence that data with the combination of FlightHub Enterprise and the DJI Pilot PE application was external requested or transferred. FlightHub Enterprise is a version of FlightHub that is installed and hosted on a customer’s local IT infrastructure. The DJI Pilot PE application is a custom version of DJI Pilot for use with FlightHub Enterprise.
DJI continues to offer its Government Edition solution, which is specially designed for use in high security situations by government agencies. The solution includes custom device firmware and operating software in a unique architecture that supports high data security requirements, including permanently activated local data mode to ensure that drone data can never be disclosed to unauthorized persons, including DJI. DJI’s Government Edition solution, while not part of the FTI analysis, has been independently audited by US cybersecurity firm Booz Allen Hamilton, the US Department of the Interior, and the US Department of Homeland Security.
Continuous commitment to cybersecurity and data protection
Today’s news marks another milestone in DJI’s multi-year commitment to cybersecurity and privacy to reassure customers that DJI drones are safe to operate in a variety of missions and environments. DJI awards Bug Bounty Awards to researchers and others who discover and responsibly disclose issues that could compromise the security of DJI products, and have its products proactively independently audited by private US cybersecurity companies and federal agencies. These include studies by the U.S. National Oceanic and Atmospheric Administration, U.S. cybersecurity firms Kivu Consulting and Booz Allen Hamilton, the U.S. Department of the Interior, U.S. Department of Homeland Security, and today’s report from FTI Consulting. For more information about how DJI protects cybersecurity, please visit https://security.dji.com/data/overview/.