An independent audit has found “no evidence” of data transmission to DJI, China or any unexpected party.
The manufacturer welcomed the results of the cybersecurity audit of DJI drone products.
The security audit was performed by the cybersecurity team at global consulting firm Booz Allen Hamilton, on behalf of PrecisionHawk’s Unmanned Aerial Intelligence Technology Center of Excellence (UAS COE), as part of its ongoing effort to assess threat vectors facing unmanned aerial technology platforms.
It examined three specific DJI commercial drone products: The Government Edition Mavic Pro, Government Edition Matrice 600 Pro, and the Mavic 2 Enterprise.
The UAS COE released an executive summary of the audit, which DJI has encouraged all customers to read fully.
The firm described it as another independent validation of the security of DJI products following reviews by the U.S. National Oceanic and Atmospheric Administration, U.S. cybersecurity firm Kivu Consulting, U.S. Department of Interior, U.S. Department of Homeland Security, and others.
DJI said the audit is a critical step toward ensuring emerging drone technology is secure and able to be trusted for government and enterprise operations.
This follows the Department of Interior grounding its drone fleet, after citing cybersecurity concerns.
The manufacturer, based in China, said the findings show how DJI customers have control over the data they collect when using its drones, contradicting reports that data from DJI devices is surreptitiously routed to other parties.
As part of its response, a DJI statement reads: “In addition to this important conclusion, we appreciate that Booz Allen’s extensive penetration testing and security review have provided us with further opportunities to enhance the security of our products.
“Through their extensive testing, the audit discovered several low or moderate severity threat vectors that pose a low-security risk to DJI users and that are also present in comparable commercial drone products.”
It continues: “This is a welcome opportunity to further enhance the security profile of our products, even beyond the requirements requested by our government partners when our Government Edition was developed. We look forward to continuing to secure our products if more security issues are discovered.
“We take these findings extremely seriously and are already implementing concrete steps to address many of the threat vectors identified in the report. Some have already been remediated, and we are actively working on several others, for our current products and longer-term approaches to security. All but two of these threat vectors relate to physical proximity or access to the drone itself.”
Concluding: “As an industry leader in the commercial drone market, we remain committed to working with customers, partners, industry, and experts around the globe to address security concerns. We encourage continued participation in the DJI Bug Bounty Program, the details of which can be found on our Security Response Center website. Taken together, these efforts will ensure our industry-leading products remain secure and trusted.”