Commercial users of DJI drones have nothing to fear when it comes to data security after an independent report concluded its customers are in full control over how their data is collected, stored and transmitted.
The study, conducted by San Francisco-based Kivu Consulting, scrutinised drones and software independently obtained in the United States late last year, and confirmed DJI did not access photos, videos or flight logs generated by the drones unless drone operators voluntarily chose to share them.
“This is the first time DJI has allowed outsiders to examine its proprietary computer code, and the result is the first independent verification of what we have said all along: DJI provides robust tools to help our customers keep their data private,” said Michael Perry, DJI managing director North America. “This comprehensive report clearly debunks unsubstantiated rumors about our products and assures our customers that they can continue flying DJI drones with confidence.”
The report was based on a first-of-its-kind detailed examination of DJI drones, mobile apps and servers as well as the data streams they transmit and receive.
Kivu’s engineers comprehensively examined the code repositories for DJI’s mobile apps and tested whether DJI’s drones could transmit sensitive user data without connecting to the DJI app. DJI had no input into Kivu’s findings or conclusions.
“Kivu’s analysis of the drones and the flight control system (drone, hardware controller, GO 4 mobile app) concluded that users have control over the types of data DJI drones collect, store, and transmit,” explained Douglas Brush, Kivu’s director of Cyber Security Investigations.
“For some types of data, such as media files and flight logs, the drone user must affirmatively initiate transmission to any remote server,” Brush added. “For other types, such as initial location checks or diagnostic data, the user may prevent transmission by deactivating settings in the GO 4 application and/or disabling the internet connection.”