Is DJI using our WiFi accounts directly?
- Thread starter Robbyg
- Start date
geigy
Well-Known Member
- Joined
- Mar 30, 2017
- Messages
- 718
- Reactions
- 405
Just in case we forgot, and gave you another chance to behave like a gentleman, haha.
woo, scary.
What a load of old nonsense. DJI are not secretly getting network access when you've got airplane mode turned on in iOS.
The phone is not needed the drone is always listening and transmitting on the WiFI bands. You should learn how the Mavic works before making assumptions.
It is indeed always listening and transmitting on the WiFI bands, but it isn't using WiFi over those bands, unless you've specifically switched it into that mode.
What is your theory, that is it connecting to open WiFi access points to phone home ?
If so, it is a very easy theory to test. Setup an open access point, turn on DHCP logging and fly your Mavic around it a few times. The access point doesn't even need to be connected to the Internet to test out the theory, you'll see the Mavic turn up in the logs when it asks for an IP address.
Ursus Horribilis
Well-Known Member
- Joined
- Apr 27, 2017
- Messages
- 60
- Reactions
- 19
- Age
- 77
Call me paranoid, but I wouldn't put anything past the Chinese. Being connected to the American people with thousands of Wi-Fi connected DJI drones is like a dream come true for them.
How much eavesdropping is it possible for them to do with these flying connections? Who knows what they're capable of doing with these cameras and microphones in thousands of our homes, connected through our routers.
Paranoid??? Naaaahhhh, just thinking out loud.
Bud
How much eavesdropping is it possible for them to do with these flying connections? Who knows what they're capable of doing with these cameras and microphones in thousands of our homes, connected through our routers.
Paranoid??? Naaaahhhh, just thinking out loud.
Bud
Last edited:
I agree! There has been known bugs/malware purposely installed on many Chinese made internet connected security cameras. Just imagine how much useful intel can be data mined from hundreds of thousands of aerial cameras flying around the western world? State sponsored hacking is a very real security threat these days and frankly, I'd be very surprised if our drones aren't part of those programs.
I'm a professional iOS developer and to the best of my knowledge, there is no way that the Mavic could steal WiFi credentials via the DJI Go app. As for your theory that the drone does it by packet sniffing on the wifi spectrum -- these are (generally) encrypted and not trivial to gain access to.
These are complex systems built by massive teams so I'll never say never. But I will be astonished if I turn out to be wrong.
Don't assume that just because there is a hardware switch that the same thing cannot be done via software. I would say it is highly probable that they can change that mode in software regardless of what position the switch is in.
As for cracking the encryption I have never tried but there are dozens of YouTube videos that show how to crack most WiFi passwords in under 3 minutes for various WiFi encryption methods and many are android based software packages.
Is this all happening I have no idea, but I did find it strange that a brand new looking message came up after several weeks of complete instrument isolation and the timing was exactly when everyone else was getting a forced update prompt.
Rob
Robbyg is an alarmist to the extreme. Just look at his posts on the gimbal cover and "overheating" and you will see how rediculous he is. It's a bug and was the slider for firmware mismatch. Take a screenshot next time.
LOL yes the same guy who said 8 weeks ago that forced updates where coming. The guy who also said that DJI was soon going to require a connection in order to fly. I also stated that .400 was the last firmware update that DJI had no control over and that everyone should stay on it or make a VM copy.
I let my record of predictions stand on their own merit. I Design Circuit boards for a living so I know what companies put inside them and I deal with Chinese companies all the time so I know how they think.
You can sit there in blissful ignorance or maybe you work for DJI so maybe your not all that ignorant on this subject.
lotek
Member
- Joined
- Nov 19, 2016
- Messages
- 24
- Reactions
- 10
- Age
- 67
Your phone should not reach out and "phone home" in airplane mode. If it is a dedicated phone it should be kept 100% offline. I have a Windows 98 system that's kept offline to run old programs. Some of these apps will try to reach out to what ever server is out there.
iOS has a feature that'll let you know when an app has accessed the internet in the background.
Like a previous post, there's probably a time out feature or prompt message sent if the app hasn't been updated in x amount of days.
iOS has a feature that'll let you know when an app has accessed the internet in the background.
Like a previous post, there's probably a time out feature or prompt message sent if the app hasn't been updated in x amount of days.
namja
Well-Known Member
Yeah, this is an Apple (iOS) thing and a Google (Android) thing. They will not allow apps to record/steal WiFi credentials. In this aspect, even if DJI was using them, I would fault Apple/Google for allowing a security breach. Besides, I don't think DJI engineers are smart enough to circumvent stock iOS/Android security protocols.
Easy on the attacks. Sometimes he is extra cautious, but in general, he's been very helpful all around the forums. Besides, I'd rather lean on the more cautious side, especially when dealing with software from a Chinese company.
This I can agree with. I don't trust DJI a bit, and I wish this was an Apple product. Lol. (Even a Google one, though I have serious criticisms about their business practices and approach to privacy too). That said, this particular concern-- that the drone can access your wifi whether you allowed it to or not seems highly improbable in my (reasonably informed) opinion.
But that's not the result of a real investigation or anything definitive and a little paranoia with this company may not be misplaced.
Partizans
Active Member
Isn't it a fact, that before you can use the DJI apps (usually downloaded from Google/Apple store, you have to agree that the app has privileges to access your entire contacts list and also privileges to make phone calls (this can all happen in the background or during idle times).
Partizans
Active Member
Even installing the DJI Store app from Google Play Store insists on these privileges before you can use the app. Why in the world would they need access to your entire contacts list?!? Smells more than "fishy".
Xtreme Drone Pilot
Well-Known Member
You can disable many permissions right after you install it, before you first run it. However, some privileges, like run at startup, cannot be denied, at least, not easily via UI (if anybody knows the way, please chime in). So, DJI Go 4 *always* runs in the background, unless you force stop it. What it is doing, who knows, but:
about:start [dji.retroroms.info]
Similar threads
DJI Drone Deals
1. Mini 2
2. Mini 3 Pro
3. Mini 4 Pro
4. Air 2s
5. Air 3
6. Avata 2
7. Mavic 3 Pro
8. Mavic 3 Classic
2. Mini 3 Pro
3. Mini 4 Pro
4. Air 2s
5. Air 3
6. Avata 2
7. Mavic 3 Pro
8. Mavic 3 Classic
New Threads
-
-
-
-
Agricultural "Drown Swarms" Lifting Off.
- Started by The Droning Company
- Replies: 0
-
Forum statistics
