Chinese drones are spying on Americans

[Lastrexking]

This is all propaganda as part of the trade war with the US and China.
You don’t see us in the rest of the world stressing about what China might do with a video of us flying over the local park. ?

 

[Robbyg]

People can spin this a thousand ways but the fact is that "IF" DJI can view the footage coming off your drone it means that they have thousand of people providing them with very detailed images and coordinates of locations all over the USA everyday. It's not hard to imagine a gigantic detailed map being built up over time that can help flesh out more detail on the publicly available maps as well as their own spy satellite maps.

Lets put this into simple context. There is no way on Earth that a United states company could openly sell Chinese citizens drones that flew around China and were connected to servers in the United States. This could never happen and there are good reasons why China would never let it happen.

BTW I just read that the Chinese Government says there will be a response to this Ban coming shortly.

 

[Meta4]

People can spin this a thousand ways but the fact is that "IF" DJI can view the footage coming off your drone it means that they have thousand of people providing them with very detailed images and coordinates of locations all over the USA everyday.

But since DJI don't get to see your imagery, none of this matters.

It's not hard to imagine a gigantic detailed map being built up over time that can help flesh out more detail on the publicly available maps as well as their own spy satellite maps.

And even if it did, what I pointed out back in post #13 explains another fatal flaw in the ridiculous DJI drone espionage fantasy.

 

[karlblessing]

Considering how much of our product is of Chinese or related origin, they'd have a much easier time using a much less obvious product if spying was the intent. Desktop and Laptop computers for example, game consoles, components for mobile phones or networking... etc etc.

Hardly anything useful is going to come from drone footage by hobbyists, especially when the vast majority of them can't be flown in such restricted space, and the kinds that do (custom built FPV etc) wouldn't likely have any backdoor connectivity anyways.

Like we should care about our security/privacy, but looking at one market, or one nationality and going all crazy on it just causes more harm than actual benefits.

 

[Chip]

I can't help but wonder, why do the people here who feel that China is such a threat, buy DJI products?

I think you would have to read my post again and try to see the distinction I made in the very first paragraph between Joe Blow using a DJI drone to make a video of his summer vacation and a government agent using one to conduct official business.

Here is what I said:

Here is the Aug 2017 ICE memo that summarized security threat created by DJI. We tend to scoff here at notion that anyone would benefit from stealing pictures of our summer vacations. I think the more serious concerns, however, include embedding DJI into US military, law enforcement and infrastructure as well as allowing any country to dominate 80% of world wide drone market.

I have long wondered how DJI Aeroscopes could help US law enforcement catch anyone unless DJI agreed to provide owner registration data as it may deem necessary at its sole discretion. And now I wonder, what if DJI sent to all its good friends and partners in US government, law enforcement, critical infrastructure like dams and railways, fire departments, etc. that use its drones a friendly email with a little button to click to update software with a not so friendly secret payload....but, I am assuming that the government employs real smart ever vigilant people who know all about computer security and stuff to protect us, right?

https://info.publicintelligence.net/ICE-DJI-China.pdf

 

[Robbyg]

But since DJI don't get to see your imagery, none of this matters.


And even if it did, what I pointed out back in post #13 explains another fatal flaw in the ridiculous DJI drone espionage fantasy.

I don't know how you know that for certain but evidently the Top US intelligence agencies don't agree with that assessment. I cannot see any other reason why they would not want DJI drones (Specifically) not being flown around bases and other semi secure locations while other brands are allowed in those same areas.

 

[maelstrom]

I don't know how you know that for certain but evidently the Top US intelligence agencies don't agree with that assessment.

I can’t see how they came to their conclusion as, even if your drone was able to live-stream video back to their servers (which doesn’t appear to be the case), you can happily fly with your device in airplane mode. Perhaps the Intelligence Agencies weren’t aware of this facility!

 

[Chip]

Who really knows?

To view this content we will need your consent to set third party cookies.
For more detailed information, see our cookies page.

Accept third party cookies

 

[Chip]

Chinese drone maker DJI left users at high risk of spying and hacking under security flaw
By Jack Kilbride and Bang Xiao November 2018 at 11:37am

EXCERPTS:

DJI has had to fix a large vulnerability in their services following a report from security firm Check Point that pointed out that an attacker could easily access a user's account and all their personal data without the user being aware.
"Spying on enterprises — not to mention hundreds of thousands of private individuals — could well have been possible," Check Point said on their website in revealing their report.

Effectively, Check Point researchers found that they were able to exploit a loophole in DJI's user identification process, which uses identification tokens and cookies to allow a user to log in seamlessly across different platforms. Check Point said that a hacker could steal a cookie by tricking a DJI user to click on a malicious link posted in a drone forum, and then replace a user's DJI identification token with their own and gain access to all areas of the user's DJI Mobile App, web account, or DJI FlightHub.

According to Oded Vanunu, head of Check Point's threat prevention team who conducted the research, the hacker would then have access to flight logs, photos, and videos taken by the drone as well as live camera video if the user was flying the drone at the time. The hacker would also have access to all personal and profile information, which could include a user's credit card details, Mr Vanunu said. A similar vulnerability with identification tokens was exploited to hack 50 million Facebook profiles in September.

In a blog outlining their report, Check Point said in the worst case scenario, the information taken from hacking an account could reveal gaps in an organisation or military base security, leaving it vulnerable to criminals and potential terrorists.

"In general, the surveillance capabilities that hacked drones — or their connected customer accounts — can offer provide a rich resource of information for threat actors," Check Point wrote. "And of course, if this data is not directly useful to one threat actor, it is not hard to find another on the Dark Web to whom it is and could be sold."

Check Point initially raised the concern in March through DJI's Bug Bounty Program — which rewards anyone who provides valuable information on security vulnerabilities — and DJI engineers investigated, deeming the issue a high security risk, but a low probability.

"This is because the vulnerability required a complicated set of preconditions to be successfully exploited," DJI said in a statement explaining their actions in patching the vulnerability. "The user would have to be logged into their DJI account while clicking on a specially-planted, malicious link in the DJI Forum."

They added that there is no evidence that the vulnerability was ever exploited, and reasserted DJI's commitment to security and privacy.

 

[Meta4]

I don't know how you know that for certain but evidently the Top US intelligence agencies don't agree with that assessment.

I fly with a wifi only tablet.
It cannot transmit anything to anyone while I'm flying.
The imagery goes directly to the SD card which I copy to my computer.
How is anyone going to see them unless I choose to share them?
Can you imagine an espionage genius coming up with a master plan that's so easy to circumvent?
Or that drone flyer's videos and photos are a rich source of high value espionage information worth harvesting.

I cannot see any other reason why they would not want DJI drones (Specifically) not being flown around bases and other semi secure locations while other brands are allowed in those same areas.

The initial Defence Dept ban only mentioned cybersecurity concerns without spelling out what that concern was.
They have never mentioned a concern that images showing sensitive locations was the issue.

 

[maelstrom]

I cannot see any other reason why they would not want DJI drones (Specifically) not being flown around bases and other semi secure locations while other brands are allowed in those same areas.

What’s to stop a foreign agent buying a US-manufactured drone and legally flying around all of the areas they want to photograph or video? If a foreign country wants to use information from videos we’ve taken from our drones, what’s to stop them going to the same place and taking a video themselves? The whole DJI issue makes absolutely no sense from a security point of view. At least DJI generally prevents their drones flying around sensitive or restricted areas by default whilst most other drone manufacturers apply no such restrictions.

The whole thing seems to be more about political expediency by the US government and paranoia from some customers.

 

[jchilton]

I generally tune out of an article at the first pearl-clutching mention of “CCP (booga-booga-booga).”

 

[skiptv]

Russian and Chinese and Israeli and France and Briton and Japan, all have Satellites that can take much closer, more detailed pictures of anything and everything they want. They dont need little 4K cameras on drones to do that. Additionally its no secret where any US military base is or Power Plant is, just drive down a highway and look for the street sign. Last but not least, maybe the current administration, (at least until Jan 20th) would consider Russians hacking our nukes just slightly more dangerous than "toy" drones stealing our national secrets and spying on us. Oh, and if you are personally worried about the spying, turn off your cell phone, your Alexa, heck your smart TV, ring camera, and even your smart refrigerator, lol and get off of Facebook, Instagram and twitter.

 

[Bobell69]

As if people had nothing better to do. People who believe this tripe must have low IQ levels. I guess Apple and Google maps would fall into this communist conspiracy nonsense as well.

 

[Silverfox53]

Seems a whole lot of neurosis to me - id worry more about the USA government than the chinese, who are very welcome to look at my footage of a sea cliff any day of the week.

 

[Bobell69]

What’s to stop a foreign agent buying a US-manufactured drone and legally flying around all of the areas they want to photograph or video? If a foreign country wants to use information from videos we’ve taken from our drones, what’s to stop the going to the same place and taking a video themselves? The whole DJI issue makes absolutely no sense from a security point of view. At least DJI generally prevents their drones flying around sensitive or restricted areas by default whilst most other drone manufacturers apply no such restrictions.

The whole thing seems to be more about political expediency by the US government and paranoia from some customers.

Perhaps if a foreign agent does this, then that creates a whole new problem for the US Govt. Would the US then have to pass a law banning the sale and purchase of American made drones and components because they are being used by foreign powers to spy on the US?

 

[GregS]

That piece is just recycling old nonsense that's been debunked many times in the last few years.

Dont you just love conspiracy reports? Let's look at this. Chicoms will link to your drone when it flies over someplace they want info on. How many thousands of drones are out there, and how do they know which ones to monitor? If I want to see someplace sensitive; like Area 51, I'll just pull up Google Earth and get a pretty clear photo....and drones are not aloud anywhere near that place, I think maybe we can debunk the Chicom thing.

 

[RussOnTheRoad]

IMHO there is so much fear mongering built upon baseless, misunderstood, and incorrect information that is all too quickly believed and spread by the fearful and ill-informed. Fear-fueled ignorance is the greater concern.

 

[Maviac]

People would notice data transfers of that size (and none have ever been observed).
And there's no reason DJI or the Chinese government would be interested in scouring your videos.

Excellent point. I was curious a while back how much data was being used when I synced my flights. I did a couple, which included 4K video and photos cached. I reset the data counter, then synced. I was really surprised to see it take only a few MB. Hardly enough for even a small-ish jpeg to be transmitted, much less a photo of any quality, or certainly any video. I did it just to make sure I wasn’t wasting a of of LTE data, but it also proves your point, at least anecdotally.

Anyway, I’d proposed a separate sub-forum for all threads like this, along with all the “DJI BANNED OMG!!1!” threads. Save the rest of us the time of clicking ignore every time this nonsense comes up, which seems to be more regular now.

 

[LakeTravis]

Or, they could just look on Google maps....

I always laugh and say this same thing... Or they could just tap into your smartphone