Make America great again
DJI drones: 'Cyber vulnerabilities' prompt blanket US Army ban
The US Army has issued a global order banning its units from using drones made by Chinese firm DJI, citing “cyber vulnerabilities”. The memorandum, issued by the US Army’s Lieutenant General Joseph Anderson, orders all US Army units with DJI products to immediately stop using them. “Due to increased awareness of cyber …
-
-
Saturday 5th August 2017 18:50 GMT Anonymous Coward
Re: Is this the same....
No, it is not the one non-US vendor issue.
The non-US vendor issue is different. Once upon a time there was just one US network vendor which had the special line cards to be put into the routers in that supposedly non-existent room in the facility of a large US Telco in San Francisco which copied all traffic and sent it to No Such Agency. At line rate. The other US and Eu vendors did not have the feature set which supposedly did not even exist. This was in the days of Shrub Junior and was later put in law with a backdate and the telco in question given immunity from prosecution.
So someone in US govt asked non-US vendor for the same feature set without going into details what it is it for. Bog standard RFI/RFQ. Non-US vendor answered with a quote and delivery date. That freaked out USA govt off the scale. They reacted the way a Taleban elder reacts when he finds that his supposedly virgin wife is actually the village bicycle. Yes, China, Russia, etc have all been there before us and have requested said featureset long ago before us. That is reality, USA govt needs to deal with it and accept it.
All names removed to protect the guilty. You can guess Huy is Huy here.
The issue here is different - DGI relays data to China. So do all Chinese consumer toys - video cameras, IoT, etc. The DOD is right - they do not belong in an army unit.
-
-
Friday 4th August 2017 13:50 GMT Peter2
Nonetheless, ease of use, a relatively low price point (something DJI prides itself on, to the point that nascent US rival 3D Robotics found itself unable to compete with DJI in the drone hardware market) and availability tends to trump security concerns.
Unless military units are using these devices in places where they offically aren't present and are concerned about it being provable that they were in a location other than that publically declared, or worried that GPS coordinates being beamed back might be read by a third party with intercept capability and the will to drop things that go "BANG" on the people flying them.
Both are problems not really faced by legal civil use, and I can see either issue being significant concerns in a military context.
-
Friday 4th August 2017 17:30 GMT fidodogbreath
GPS coordinates being beamed back might be read by a third party with intercept capability and the will to drop things that go "BANG" on the people flying them
That, and the drones might capture (and phone home) sensitive images of military equipment & personnel on the way to/from the target.
-
-
Friday 4th August 2017 14:13 GMT Anonymous Coward
I have no knowledge of the real reason behind this and I suspect most or none of the others making comments have either; but, it is always a bad idea to enable so much loss of manufacturing through trade deals to boost Corporate profits with, what appears to be, no regard for either working class or middle class jobs and security over the long term.
-
Friday 4th August 2017 21:15 GMT martinusher
Re: local employment
>idea to enable so much loss of manufacturing through trade deals to boost Corporate profits with, what appears to be, no regard for either working class or middle class jobs and security over the long term.
Our daughter's father in law was involved with a project with 'a major aerospace company' to produce a quadcopter for military/police use. He wasn't forthcoming with a lot of information about it but reading between the lines it sounded like a 'not very good copy of a DJI' at 100 times or so the price.
There's lots of jobs out there -- we can't find enough skilled people to fill them. Where there's a surplus of labor is in unskilled blue or white collar jobs (there's lots of management type jobs that are doing not very much except sucking value out of the supply chain).
-
-
Friday 4th August 2017 14:51 GMT Donn Bly
Can't have it both ways
Quite often when making regulations there are unintended consequences.
The US Government wants drones to check in realtime to make sure that end users aren't flying in a restricted zone, have the ability to add restricted zones quickly, and make it impossible for end users to modify the requirement. By definition, that means that the drone has to send its location SOMEWHERE to be vetted, unless it were to download and synchronize a locally cached mirror of the worldwide no-fly zone database each time it is turned on (and presumably periodically while it is flying as well)
Mirroring the database has its own security concerns, as people will look for changes to know exactly where "interesting" things are happening.
This is an example of where you can have security, or you can have privacy, but you can't have both - and it is the government's own demand for "security" that is the root cause of the loss of privacy.
-
Friday 4th August 2017 15:26 GMT Yet Another Anonymous coward
Re: Can't have it both ways
It has an onboard map of restricted zones (it is only a vector perimeter so compresses very well) they don't constantly request ATC permission from the Chinese government live while flying around your back garden. They are required to update the list online regularly
>Mirroring the database has its own security concerns, as people will look for changes to know exactly where "interesting" things are happening.
Yes, like printing "secret restricted area" in large letters on roadmaps - but they still do it.
-
-
-
Friday 4th August 2017 16:14 GMT hellwig
Only Logical
So, you have your front-line troops carry drones to scout-out areas where they presumably plan to operate in some sort of military-related capacity, do you really want those drones sending that information to CHINA? Even if we trusted China, how secure are those communications?
Normal citizens should be wary of what they upload "to the cloud", but our military using commercial drones? Perhaps COTS wasn't the proper solution here.
-
Saturday 5th August 2017 02:45 GMT Yet Another Anonymous coward
Re: Only Logical
The drones use wifi. If you are the US military operating in a middle eastern war zone, you are probably not connected to free starbucks wifi.
I would expect you to have the necessary firewall to notice, and preferably block, a connection from your drone to www.secret-spydrone-hq.cn
-
-
Saturday 5th August 2017 07:10 GMT Milton
What, still??
Am I really the only one surprised that any non-Chinese organisation, whether government or private, which has the slightest concern for security and confidentiality, would consider even for a nanosecond, using equipment which has Chinese-controlled/-sourced components or code?
FFS, many cyber-aware organisations won't allow their staff to take non-disposable devices to any territory controlled by China, and whatever they bring back gets quarantined, scrubbed and in some cases destroyed.
As soon as *anything* has been touched by China or its agents or companies, you have to assume it is fatally and permanently compromised, and that everything you thought was secret is now on a billboard in Beijing. Whether it's a tiny chip component, phone, webcam, switch, TV, laptop ... you simply shouldn't touch it with a long pole.
People, you've had at least 10 years to notice this, figure it out and take necessary preventative action. What's the excuse?
-
Sunday 6th August 2017 17:20 GMT TheElder
???????
Why don't the parties involved accept that the ware may be compromised? Then make a deal that must include source code and changeable firmware chip. Then alter it as desired. Perhaps a better way would to be use the same defense tactics that other military aircraft use. Allow the coordinates to be transmitted (if really happening) and fake them. "Hey look!" The drone is flying underwater and through sewage tunnels... Or maybe it is flying over your enemies... Drop bangers right here! Anybody that knows the offset and change timing can still use that data correctly.
Many years ago a company I worked for gave us laptops that had a password that changed every five minutes. Need to turn it on? Call in to a secret number, enter ID and listen to the robot.
-
Monday 7th August 2017 18:04 GMT JaitcH
Obviously, the Bribetakers in the Pentagon have been Knobbled
Guess that idiot Trump's Buy America and America First policies have been triggered so the industrial-military complex can 'invent' their own version for millions (billions?) of dollars and start up a whole new Army/Air Force/Navy competition for who will fly these things.
One question: How, given the limitations of WiFi, does a drone backchat to it's manufacturers server when being used in the back of beyond to chase down the Freedom Fighters?
Biting the hand that feeds IT
