Troops ordered to immediately remove batteries from drones and uninstall all related apps
The U.S. Army abruptly banned its members from using drones produced by Chinese manufacturer SZ DJI Technology Co Ltd Wednesday due to “cyber vulnerabilities.”
An August 2 memo signed by Lieutenant General Joseph Anderson, published online by drone blog sUAS News and later confirmed by Reuters, orders service members to “Cease all use, uninstall all DJI applications, remove all batteries/storage media from devices, and secure equipment for follow on direction.”
“Due to increased awareness of cyber vulnerabilities associated with DJI products, it is directed that the U.S. Army halt use of all DJI products,” the memo reads. “This guidance applies to all DJI UAS and any system that employs DJI electrical components or software including, but not limited to, flight computers, cameras, radios, batteries, speed controllers, GPS units, handheld control stations, or devices with DJI software applications installed.”
The directive, which credits discovery of the vulnerabilities to the Army Research Laboratory and Navy, also notes that DJI’s products “are the most widely used non-program of record commercial off-the-shelf UAS employed by the Army.”
“The Army Aviation Engineering Directorate has issued over 300 separate Airworthiness Releases for DJI products in support of multiple organizations with a variety of mission sets,” the memo adds.
Brett Velicovich, a former Army intelligence soldier, stated to Defense One that U.S. special forces are known to use DJI’s drones in overseas missions.
“There are U.S. special operators in Syria using DJI products,” Velicovich said. “So I get it. I’m glad [the Army is] finally doing something about this.”
In a statement released Friday, DJI urged its customers “to refrain from undue speculation” while it contacts the U.S. Army for comment.
“We are surprised and disappointed to read reports of the U.S. Army’s unprompted restriction on DJI drones as we were not consulted during their decision,” the company said. “We’ll be reaching out to the U.S. Army to confirm the memo and to understand what is specifically meant by ‘cyber vulnerabilities.’”
While the memo does not cite the specific technical issues with DJI’s products, numerous reports over the years have raised concerns.
Bloomberg reported last year that Chinese government officials were requesting access to user data, including location records and potentially even video footage, stored on DJI’s servers in Hong Kong.
DJI responded by claiming, “nobody but you can see the live video feed or the recorded video it generates — unless you decide otherwise” – but stated it would supply user data to government authorities upon receiving “a valid legal request.”
Kevin Pomaski, writing for sUAS News in May, also alleged that private user data collected by DJI was available through the Google search engine.
“Using a simple Google search the data mined by DJI from your provided flights (imagery, position and flight logs) and your audio can be accessed without your knowing consent,” Pomaski claimed without providing further explanation.
DJI is currently the largest consumer drone maker in the world.
Contact Mikael securely: keybase.io/mikaelthalen