DJI responds to alleged security weakness as being ‘hypothetical, unexploited’

Source: Global Times Published: 2020/7/27 22:38:40

A drone sows rice seeds in Shuikou Township of Kaiping, south China's Guangdong Province, Feb. 26, 2020. A demonstration field project, a cooperation between Chinese drone maker DJI and a local agricultural cooperative, started sowing operation on Wednesday with the help of drones. (Xinhua/Mao Siqian)

Chinese drone maker DJI told the Global Times on Monday that safety weaknesses allegedly affecting hundreds of thousands of customers across the world are typical software concerns and that there is no evidence showing they have been exploited. The company was responding to recent research reports.

The safety weaknesses in question were reported by researchers from cybersecurity firms Synacktiv and Grimm, one based in France and the other in the US. 

The reports claim the Android version of the popular DJI Go 4 app, which allows users to control their drones, collects large amounts of user data that could be exploited by the government. The app supports four drones manufactured by DJI, including the Phantom 4, Mavic Pro, Phantom 4 Pro and Inspire 2. 

They also claim that DJI is providing downloads and updates in places outside Google Play. According to Synacktiv and Grimm, this allows third-party data collection and updates without reviews from Google, potentially violating Google's terms of service. 

However, a source close to the matter told the Global Times that the reports were baseless and a sign that the US is cracking down on China by hitting Chinese tech companies. 

According to information DJI sent to the Global Times, the company is only providing additional updates and download services to users without access to Google Play, and is not intentionally violating Google's terms of service.

DJI also said the reported software vulnerability is only "hypothetical" and the reports contained nothing relating to or contradicting previous reports from the US Department of Homeland Security, which found no evidence of any unexpected data transmission from the apps designed for government and professional customers. 

Fu Liang, a Beijing-based telecom industry expert, told the Global Times that the update and download service provision is "not uncommon" among Chinese apps, but Fu noted that given the high profile of DJI, the company could be subject to especially intense scrutiny over data security.

In its statement, the company said the app's update function, which Synacktiv and Grimm see as a violation of security terms, serves an important safety role in mitigating the use of hacked apps that seek to override geofencing or altitude limitation features, so that the safety features in the users' drones cannot be overridden by any hacked version. 
