In Defence of DJI: Why Hackers Are Wrong to Play Games

Plenty of controversial drone industry issues can be found within the text of a single article from our colleagues at sUAS News, titled ‘Don’t be Evil DJI‘. We’re still trying to get to get a grip on exactly what the point of the piece was. But a number of claims were made against the Chinese drone manufacturer.

These claims included references to “DJI’s part in what appears to be phishy things when it comes to regulations and FAA rulemaking” and links to sites for people keen to hack their way past the company’s Geofencing functionality. There was also justification for doing so:

“Why so angry then DJI when people unlock your products to remove the restrictions you put in place? Did you really think that people would do nothing and just happily accept losing functionality, functionality that they paid for essentially?”

On top of that is a lingering conspiracy theory – perpetrated by the same site and its contributors – that drones made by the DJI are being used to share sensitive data with the Chinese government.

On Unfair Influence

We may be missing something here. But there isn’t anything fishy about an industry leader offering input on regulations for the emerging drone space.

Along with Parrot, GoPro and 3DR, DJI is a member of the Drone Manufacturer Alliance, a group specifically set up to share ideas with policy makers. DJI is also represented on the FAA’s Drone Advisory Committee, along with leading business figures such as Intel CEO Brian Krzanich, Precision Hawk’s Michael Chasen and members from Facebook, Amazon Prime and 3DR. Hardly a collection of Chinese sleeper agents. The members of this group are recommended by the RTCA with final approval of all members coming from the FAA.

These are not backroom deals. Clearly, no corporation is benign. But it appears as though DJI is influencing policy through official industry channels.

So what’s the root of this antipathy towards an otherwise popular drone manufacturer? The answer is a complicated one. Aside from industry domination and the (uncomfortable for some) idea of a Chinese company having a seat at the US regulatory table, the company’s Geo system and the measures it has taken to enforce it have caused controversy.

How the Geofencing Controversy Unfolded

Geofencing is nothing new. Just under 5 years ago, DJI drones featured an element of restriction to ensure no-fly zones and limits on operating heights weren’t breached. But it was in 2015 that DJI’s Geofencing system took on greater significance. The move to prevent its drones from operating in restricted areas was in response to public concern and a number of high-profile incidents involving drones flying where they shouldn’t. These included airport ‘near-misses’ and even a crash on the White House lawn.

The idea was simple: coordinate with national regulatory bodies to enforce no-fly zones near airports, prisons and the like. Those who did have permission to be operating within a no-fly zone would have to authorize their device, provide some personal information and have a verified DJI account.

The latest DJI Geo System is just an updated iteration of that concept. However, there has been growing controversy over the manner in which it has been forced onto DJI pilots, as well as legitimate questions asked about data storage and security.

Things came to a head in May when DJI announced a new ‘Activation process‘ that would ensure pilots “use the correct set of geospatial information and flight functions for your aircraft, as determined by your geographical location and user profile”.

The most controversial aspect of this update was, in the eyes of many DJI customers, the restrictions that would be placed on flights if the software and firmware updates weren’t installed and each pilot’s account information wasn’t verified:

If this activation process is not performed, the aircraft will not have access to the correct geospatial information and flight functions for that region, and its operations will be restricted if you update the upcoming firmware: Live camera streaming will be disabled, and flight will be limited to a 50-meter (164-foot) radius up to 30 meters (98 feet) high. 

There seem to be two camps of dissatisfied DJI customers. The first believe that the company has no right to regulate its products once they have been sold, and that the question of obeying FAA legislation is between a pilot and the national government.

The second camp is made up of commercial pilots who have been inconvenienced or completely grounded by the latest software updates to Geo. Clearly, this is not ideal for people who have jobs to get on with, and downright embarrassing if it’s been happening in front of clients.

Whichever camp you’re in, there’s a consensus that DJI hasn’t handled the situation very well. Poor communication and less than adequate customer service are both things that have been associated with the Chinese manufacturer in the past.

Enter the Hackers

Many DJI pilots have grown frustrated at the fact that DJI continues to oversee flights once ownership of a drone has moved from the company to an individual.

And wherever there are disagreements concerning software features, you can bet there’ll be people offering to alter the code to suit the highest bidder. Last month it became clear that plenty of pilots were doing exactly that. Russian hackers began selling pre-coded software patches and DIY coders set up social media groups to share reverse engineered solutions.

The aim is simple: to remove all of DJI’s flight restrictions and liberate pilots around the world.

Here’s one example of an early software hack on offer for the Mavic Pro, for $200, from the ironically named Russian company CopterSafe:

There are even reports that liberated pilots are having altitude photo contests.

DJI Responds

In a Motherboard article, Ben Sullivan outlines the arms race underway between pilots and a manufacturer trying to wrestle back control of its aircraft. DJI has since removed versions of its firmware that are vulnerable to hacking from its servers, and auto-updated DJI drones that already had vulnerable firmware installed.

“A recent firmware update issued for all DJI drones fixes reported issues and ensures DJI’s products continue to provide information and features supporting safe flight,” the company said in a statement. “DJI will continue to investigate additional reports of unauthorized modifications and issue software updates to address them without further announcement.”

We’ve also spoken with DJI. The company’s head of global policy, Brendan Schulman, had this comment to share on the news that many DJI pilots are seeking to work their way around GEO:

“The recent headlines you may have read are fueled by a very small minority of customers who are attempting to circumvent the safety features of DJI drones, like our Geospatial Environment Online (GEO) and our No Fly Zone (NFZ) systems.

Read full story at its original source: In Defence of DJI: Why Hackers Are Wrong to Play Games