DJI drones: 'Cyber vulnerabilities' prompt blanket US Army ban

The US Army has issued a global order banning its units from using drones made by Chinese firm DJI, citing “cyber vulnerabilities”. The memorandum, issued by the US Army’s Lieutenant General Joseph Anderson, orders all US Army units with DJI products to immediately stop using them. “Due to increased awareness of cyber …

  1. cbars Silver badge
    Trollface

    Make America great again

    1. Aitor 1

      Pork

      Barrel.

      My guess is that they don't want to alienate the military companies that provide worse (as in specs) products at 100x the price, but apparently with better security.

      That, or the DJI drones are really beaming data back.

      1. Brian Miller

        Re: Pork

        "We'll use the video from this drone in our covert op..."

        Yeah, I'd discontinue the use of drones like that, too. Your usage is monitored, and not to improve the drone's performance.

      2. fidodogbreath

        Re: Pork

        My guess is that they don't want to alienate the military companies that provide worse (as in specs) products at 100x the price, but apparently with better security.

        And Hellfire missiles.

    2. Inventor of the Marmite Laser Silver badge

      As opposed to "making America grate"

      words, words, random letters

      1. Chemical Bob

        Re: As opposed to "making America grate"

        Well, looking at the evidence...

    3. This post has been deleted by its author

  2. Andy The Hat Silver badge

    Please, never again ...

    "availability tends to trump security concerns."

    Please never use the word "trump" in the same sentence as "security" unless it's in a context such as "Trump really has sod all idea about security."

  3. Anonymous Coward

    um...

    ... so did we not check these before our police started building their entire drone fleet on these things??

  4. Anonymous Coward

    Is this the same....

    ...insecure Huawei kit that, despite a complete checking over by both GCHQ and the NSA with no real issues found, is still banned.

    Why don't they just be honest?

    "We want to buy US kit with security holes in that we have endorsed"

    1. Anonymous Coward

      Re: Is this the same....

      No, it is not the one non-US vendor issue.

      The non-US vendor issue is different. Once upon a time there was just one US network vendor which had the special line cards to be put into the routers in that supposedly non-existent room in the facility of a large US Telco in San Francisco which copied all traffic and sent it to No Such Agency. At line rate. The other US and EU vendors did not have the feature set which supposedly did not even exist. This was in the days of Shrub Junior and was later put in law with a backdate and the telco in question given immunity from prosecution.

      So someone in US govt asked non-US vendor for the same feature set without going into details what it is for. Bog standard RFI/RFQ. Non-US vendor answered with a quote and delivery date. That freaked out USA govt off the scale. They reacted the way a Taleban elder reacts when he finds that his supposedly virgin wife is actually the village bicycle. Yes, China, Russia, etc have all been there before us and have requested said featureset long ago before us. That is reality, USA govt needs to deal with it and accept it.

      All names removed to protect the guilty. You can guess Huy is Huy here.

      The issue here is different - DJI relays data to China. So do all Chinese consumer toys - video cameras, IoT, etc. The DOD is right - they do not belong in an army unit.

  5. Peter2 Silver badge

    Nonetheless, ease of use, a relatively low price point (something DJI prides itself on, to the point that nascent US rival 3D Robotics found itself unable to compete with DJI in the drone hardware market) and availability tends to trump security concerns.

    Unless military units are using these devices in places where they officially aren't present and are concerned about it being provable that they were in a location other than that publicly declared, or worried that GPS coordinates being beamed back might be read by a third party with intercept capability and the will to drop things that go "BANG" on the people flying them.

    Both are problems not really faced by legal civil use, and I can see either issue being significant concerns in a military context.

    1. fidodogbreath

      GPS coordinates being beamed back might be read by a third party with intercept capability and the will to drop things that go "BANG" on the people flying them

      That, and the drones might capture (and phone home) sensitive images of military equipment & personnel on the way to/from the target.

  6. Anonymous Coward

    I have no knowledge of the real reason behind this and I suspect most or none of the others making comments have either; but, it is always a bad idea to enable so much loss of manufacturing through trade deals to boost Corporate profits with, what appears to be, no regard for either working class or middle class jobs and security over the long term.

    1. martinusher Silver badge

      Re: local employment

      >idea to enable so much loss of manufacturing through trade deals to boost Corporate profits with, what appears to be, no regard for either working class or middle class jobs and security over the long term.

      Our daughter's father-in-law was involved with a project with 'a major aerospace company' to produce a quadcopter for military/police use. He wasn't forthcoming with a lot of information about it but reading between the lines it sounded like a 'not very good copy of a DJI' at 100 times or so the price.

      There's lots of jobs out there -- we can't find enough skilled people to fill them. Where there's a surplus of labor is in unskilled blue or white collar jobs (there's lots of management type jobs that are doing not very much except sucking value out of the supply chain).

  7. Chris Evans

    Can't fly anywhere as standard?

    "Irritated hackers later modified DJI's firmware to allow flights outside of these no-fly zones,"

    I suspect they meant to write "INSIDE of these no-fly zones"...

  8. Donn Bly
    FAIL

    Can't have it both ways

    Quite often when making regulations there are unintended consequences.

    The US Government wants drones to check in realtime to make sure that end users aren't flying in a restricted zone, have the ability to add restricted zones quickly, and make it impossible for end users to modify the requirement. By definition, that means that the drone has to send its location SOMEWHERE to be vetted, unless it were to download and synchronize a locally cached mirror of the worldwide no-fly zone database each time it is turned on (and presumably periodically while it is flying as well)

    Mirroring the database has its own security concerns, as people will look for changes to know exactly where "interesting" things are happening.

    This is an example of where you can have security, or you can have privacy, but you can't have both - and it is the government's own demand for "security" that is the root cause of the loss of privacy.

    1. Yet Another Anonymous coward Silver badge

      Re: Can't have it both ways

      It has an onboard map of restricted zones (it is only a vector perimeter so compresses very well) they don't constantly request ATC permission from the Chinese government live while flying around your back garden. They are required to update the list online regularly

      >Mirroring the database has its own security concerns, as people will look for changes to know exactly where "interesting" things are happening.

      Yes, like printing "secret restricted area" in large letters on roadmaps - but they still do it.

  9. djvrs

    Phoning Home?

    No, I call it droning home :-)

  10. Inventor of the Marmite Laser Silver badge

    We’ll be reaching out to the US Army

    What's wrong with just: " We’ll be ASKING the US Army" - unless you are an HR consultancy reject.

    1. Anonymous Coward

      Re: We’ll be reaching out to the US Army

      "Inventor of the Marmite Laser"

      Is that a laser using Marmite to cut or a laser to cut Marmite?

    2. allthecoolshortnamesweretaken

      Re: We’ll be reaching out to the US Army

      HR consultancy reject

      Ouch. That's third-degree-burn grade material. May I use that from time to time where appropriate?

    3. Fred Tourette
      Megaphone

      Re: We’ll be reaching out to the US Army

      Thank you. I am so sick of "reach out." And pivot, and trending, and viral...

      http://www.limpinggazelles.com/p/reach-out.html

  11. hellwig

    Only Logical

    So, you have your front-line troops carry drones to scout-out areas where they presumably plan to operate in some sort of military-related capacity, do you really want those drones sending that information to CHINA? Even if we trusted China, how secure are those communications?

    Normal citizens should be wary of what they upload "to the cloud", but our military using commercial drones? Perhaps COTS wasn't the proper solution here.

    1. Yet Another Anonymous coward Silver badge

      Re: Only Logical

      The drones use wifi. If you are the US military operating in a middle eastern war zone, you are probably not connected to free starbucks wifi.

      I would expect you to have the necessary firewall to notice, and preferably block, a connection from your drone to www.secret-spydrone-hq.cn

  12. Herby

    Good argument for...

    Open source if you ask me.

    Not that it would prevent security problems, just make them more "hidden".

  13. J.Smith

    Refund?

    Do AliExpress do refunds?

  14. Milton

    What, still??

    Am I really the only one surprised that any non-Chinese organisation, whether government or private, which has the slightest concern for security and confidentiality, would consider even for a nanosecond, using equipment which has Chinese-controlled/-sourced components or code?

    FFS, many cyber-aware organisations won't allow their staff to take non-disposable devices to any territory controlled by China, and whatever they bring back gets quarantined, scrubbed and in some cases destroyed.

    As soon as *anything* has been touched by China or its agents or companies, you have to assume it is fatally and permanently compromised, and that everything you thought was secret is now on a billboard in Beijing. Whether it's a tiny chip component, phone, webcam, switch, TV, laptop ... you simply shouldn't touch it with a long pole.

    People, you've had at least 10 years to notice this, figure it out and take necessary preventative action. What's the excuse?

    1. Stork

      Re: What, still??

      In the Real World, what can you buy then? I have a feeling that the choice of gear is very limited if nothing Chinese can be inside.

      Anyway, the US is being seen in a similar way by non-US tech companies (at least biotech). So US gear is the same thing...

    2. nijam Silver badge

      Re: What, still??

      Not just China.

      You could substitute pretty much any other country with a government, and your post would be equally valid.

  15. David Roberts
    Black Helicopters

    South China Sea

    Nuff said.

    1. Yet Another Anonymous coward Silver badge

      Re: South China Sea

      British Indian Ocean Territories

      So the US army shouldn't use any drone that uses ARM, it might be a plot by the Brits to take back control

  16. TheElder

    ???????

    Why don't the parties involved accept that the ware may be compromised? Then make a deal that must include source code and changeable firmware chip. Then alter it as desired. Perhaps a better way would be to use the same defense tactics that other military aircraft use. Allow the coordinates to be transmitted (if really happening) and fake them. "Hey look!" The drone is flying underwater and through sewage tunnels... Or maybe it is flying over your enemies... Drop bangers right here! Anybody that knows the offset and change timing can still use that data correctly.

    Many years ago a company I worked for gave us laptops that had a password that changed every five minutes. Need to turn it on? Call in to a secret number, enter ID and listen to the robot.

  17. Matt Schofield

    Still loads cheaper than helicopters to roll your own...

    Or maybe not knowing defence and government procurement in the UK. Still might be nice to rip off the Chinese for a change.

  18. JaitcH
    Unhappy

    Obviously, the Bribetakers in the Pentagon have been Knobbled

    Guess that idiot Trump's Buy America and America First policies have been triggered so the industrial-military complex can 'invent' their own version for millions (billions?) of dollars and start up a whole new Army/Air Force/Navy competition for who will fly these things.

    One question: How, given the limitations of WiFi, does a drone backchat to its manufacturer's server when being used in the back of beyond to chase down the Freedom Fighters?
