DJI camera drones are likely spying on the United States for China. At least, that’s what a newly uncovered US government memo claims. DJI has responded by calling the allegations “insane.”
In the memo, the ICE agent writes that he or she “assesses with moderate confidence that Chinese-based company DJI Science and Technology is providing U.S. critical infrastructure and law enforcement data to the Chinese government.”
The memo further “assesses with high confidence the company is selectively targeting government and privately owned entities within these sectors to expand its ability to collect and exploit sensitive U.S. data.”
The list of sensitive data being gathered by DJI is extensive, the agent claims:
The UAS operate on two Android smartphone applications called DJI GO and Sky Pixels that automatically tag GPS imagery and locations, register facial recognition data even when the system is off, and access users’ phone data. Additionally, the applications capture user identification, e-mail addresses, full names, phone numbers, images, videos, and computer credentials. Much of the information collected includes proprietary and sensitive critical infrastructure data, such as detailed imagery of power control panels, security measures for critical infrastructure sites, or materials used in bridge construction.
What’s more, the agent says the info collected could be used to launch an attack against the US, writing with “high confidence” that “the critical infrastructure and law enforcement entities using DJI systems are collecting sensitive intelligence that the Chinese government could use to conduct physical or cyber attacks against the United States and its population.”
These conclusions were made after the agent looked into “information derived from open source reporting and a reliable source within the unmanned aerial systems (UAS) industry with first and secondhand access.”
Here’s the full memo:
In an email to Fast Company, DJI spokesperson Adam Lisberg called the memo “utterly insane.” After the memo was published on the Internet, DJI also quickly published a statement on its website refuting the allegations and saying that the memo was “based on clearly false and misleading claims from an unidentified source.
“[T]he allegations in the bulletin are so profoundly wrong as a factual matter that ICE should consider withdrawing it.”
Many of the allegations in the ICE report are obviously false. The claims that DJI systems can register facial recognition data even while powered off, that Parrot and Yuneec have stopped manufacturing competitive products, and that DJI products have substantial price differentials between the U.S. and China can be easily disproven with a basic knowledge of technology and the drone industry, or even a simple internet search.
DJI has also asked ICE to look into whether the agent may have “had a competitive or improper motive to interfere with DJI’s legitimate business by making false allegations about DJI.”
DJI, based in Shenzhen, China, is a dominant force globally in the camera drone industry — DJI reportedly owns a 70%+ market share of all non-hobbyist drones in the US, according to a recent survey. But the company has been the subject of cybersecurity scrutiny as of late.
In August, the US Army abruptly ended its use of DJI products, citing cyber vulnerabilities. DJI responded less than 2 months later by launching a Local Data privacy mode that allows drones to fly completely offline.
“DJI has built its reputation on developing the best products for consumer and professional drone users across a wide variety of fields, including those who fly sensitive missions and need strong data security,” DJI concludes in its statement. “We will continue working to provide our customers the security they require.”