Drone Data Security

Are you adhering to your clients’ data security and privacy requirements, as well as your own?

So it’s a story that’s been bubbling away for a while now and it’s finally out.

The US Army has issued a Memorandum enforcing the discontinued use of DJI Products due to cyber security concerns.

It wasn’t long ago that the US banned Chinese CCTV cameras on critical infrastructure, with the UK raising concerns also.

So let’s backtrack a bit to the good old days…

The Wookong flight controller was all we needed. Let’s be honest, it was one of the most reliable on the market. It made self-builds a lot easier to manage and maintain, and could be flown without the aid of an iPad.

Modern day – smart drone systems that are easy to fly right out of the box, and DJI are ensuring they land in everyone’s hands. With the launch of the Spark, it can take off and land using just your hands.

But what’s happening with all the data?

  • Flight Log Information
  • GPS Positioning
  • Aerial Sensor Captured Data
  • APP Stored Data

So going back to the good old days, your data was easy to control. The imagery was contained within the camera, and the flight data was contained within the system. It wasn’t connected to the internet, and at best could be accessed locally via a laptop for updates and troubleshooting. I won’t bother mentioning the IOSD as it rarely ever worked properly.

Modern day – Smart drone systems from DJI are syncing all of the above data when logged in to your DJI Go App back to the DJI Servers, and this includes some of your payload data.

But here are some things you might not know:

  • DJI includes images from your flight in your flight log – remember this, as we’ll come back to it shortly
  • DJI syncs your flight logs to their servers
  • DJI syncs cached data from your app device when offline and re-syncs when online. This includes audio and video / imagery data

 

DJI Go App screenshot from a critical infrastructure inspection I carried out. As you can see, it appears in the app, but how did it get there? I didn’t take this image. It’s a still from a video DJI captured that’s embedded in the DJI log, which syncs to DJI servers.

Can you see where the US Gov is coming from with their recent ban now?

Did you know the DJI Go APP communicates with a whole list of servers whilst your system is logged in?

Check out what pilots are doing now: they’re blocking all the links associated with the DJI Go App here. That’s a lot of comms going on there, and to where?

Within the systems there are also hidden secondary SD cards. They are mentioned loosely in the manuals.

Under Feature Highlights in the Inspire 2 manual:

Flight controller: The flight controller has been updated to provide a safer, more reliable flight experience. A new flight recorder stores critical data from each flight.

Taken from the DJI Forums, where a Mavic user discovers a hidden SD card. It has now been confirmed that these have been found on the DJI P3, P4, Inspire 1, Inspire 2 and the Mavic. I would also expect the M600, but that is not confirmed yet.

So let’s look at it from the client’s perspective.

Client: Thanks for doing such a great job, the images look great.
Pilot: Thanks, here is the media release form.
Client: Great, can you confirm this is the only copy of the data?
Pilot: ???

How many of you who are using these products can 100% confirm that is the only single copy in existence?

This affects sensitive sites that are being inspected and feature film content that’s been recorded. Imagine you just shot some awesome scenes for the new Star Wars films with a DJI system: the copyright and data security infringement issues could be huge if you’re not managing and securing that data.

Emergency services are now utilising drones in the UK. Imagine being a police task force utilising a DJI system, and you’re monitoring a sensitive diplomatic subject in the UK…

Here’s a great article by TechCrunch on Data Privacy.

So what happens next? Will the UK follow suit?

In my opinion, this was already shared with the UK before the registration system was raised, and I believe the UK will follow suit.

Is the ban that the US has imposed on all US sensitive sites applicable globally? This will obviously have a bigger fallout than just in the US.

So what can I do?

  • There are systems on the market that I call closed systems. The data within the system and the payload are separate. They’re contained and secure. Aerialtronics is a prime example of a secure and safe system, with even the possibility of video encryption between the UAS and the operators.
  • Ensure you fully understand the system you’re flying, and ensure you understand the data security and privacy policies of your clients
  • Consortiq now offers an Enterprise Grade Secure Solution for managing your flight log data, on an instance that only you have access to: CQNet. For more information click here.

To understand the architecture around how CQNet is keeping your flight data secure, more information can be found here.

It’s important for organisations to understand that the flight data recorded is just as sensitive and critical as the payload data.

See original article here.