Last month, Ukraine’s Deputy Prime Minister Mykhailo Fedorov accused DJI of helping Russia kill Ukrainian civilians. in an unusual way — by allowing Russia to freely use a drone tracking system called the DJI AeroScope to target the exact location of Ukrainian drone pilots and allegedly kill them with mortar and missile strikes.
So we write a detailed explanation of what DJI AeroScope really is, how it works, what it was designed for, and what DJI could do, if anything, to prevent people from dying using its technology. But a hacker pointed out that DJI was not being honest with us on at least one point, and the company now admits it. The AeroScope signals emitted by all modern DJI drones are not actually encrypted, DJI now says.
This means that governments and others with technical ability may not need an AeroScope to see the exact position of every DJI drone and the exact location of every nearby pilot.
To be clear, both DJI spokesman Adam Lisberg and drone forensics expert David Kovar told us that these signals were encrypted. And when hacker Kevin Finisterre suggested that this was wrong, we consulted with DJI. again. It was only after Finisterre repeatedly discredited the claim that DJI admitted the edgealmost a month later, which wasn’t really true.
DJI’s Lisberg says it’s his fault, but he also tells us he was repeatedly told by his R&D contacts in China that it was encrypted and that senior managers had to step in and admit it wasn’t true.
By the way, it’s not entirely surprising that AeroScope signals aren’t encrypted: DJI originally envisioned Drone ID (now known as AeroScope) as a technology that other drone companies would also use. And governments like the United States are already planning order your drone to transmit your physical location by 2023 — will not be optional, and it is also not clear to me whether those signals will be encrypted.
We pressed Lisberg about some of the other claims he made in the article, as we want to make sure other information is correct. There are currently no other fixes, but he admitted that, yes, DJI could prematurely revoke an AeroScope certificate to disable it, although that would only affect stationary units that are connected to its own AWS servers, and that it could also theoretically see GPS positions. of those AeroScope receivers that way (although probably not the ones the Russian military uses or the laptops that don’t connect to AWS at all).
Lisberg also says, “I’ve been told once again that Sentinel and Overseer don’t exist”, referring to a program that sounds sinister that Finisterre found during a DJI data breach in 2017. Finisterre has suggested that the program is evidence that, in China at least, DJI is mining data on its users, but DJI has denied this, saying the edge it was simply a proposal on how DJI could theoretically do targeted advertising, but that never actually happened.
Finisterre has also pointed out that DJI had a way to remotely turn off the AeroScope signals your drones emit until disabled that in later updates. Appear There may still be a way to send commands to the drone to mask the coordinates of a pilot.
Yesterday, DJI announced that it will stop all product shipments and all after-sales support for both Russia and Ukraine.