An August 2 memo cites ‘increased awareness of cyber vulnerabilities’ with drones from China’s market-leading DJI.
The U.S. Army has ordered troops to stop using consumer drones made by Chinese manufacturer DJI, according to an Aug. 2 memo seen by Defense One and confirmed by two Army officials.
“Cease all use, uninstall all DJI applications, remove all batteries/storage media from devices, and secure equipment for follow on direction,” reads the memo from Lt. Gen. Joseph H. Anderson, the Army’s deputy chief of staff for plans and operations.
Why? The memo cited “increased awareness of cyber vulnerabilities associated with DJI products.” Service officials declined to elaborate.
Said one Army soldier about the decision, “I wonder how DJI camera stabilizers (which have no memory) can send information back to mainland China.”
DJI drones “are the most widely used non-program of record commercial off-the-shelf UAS employed by the Army,” the memo says.
They’ve also been the world’s most popular consumer drones for several years running, according to the German-based analytics firm, Drone Industry Insights.
DJI products have not proliferated across the Army and onto the battlefield the way more tactical UAVs like Pumas or Switchblades have – both made by U.S. manufacturer Aerovironment.
But, the Army’s Aviation Engineering Directorate has already “issued over 300 separate Airworthiness Releases for DJI products in support of multiple organizations with a variety of mission sets,” according to the memo, which amends existing Pentagon guidance on the domestic use of unmanned systems, finalized in February 2015.
The decision might cause no more than a small headache for units using DJI products – including the 10 or so Fort Hood public affairs soldiers who are licensed remote pilots, according to one Army official.
But it is still a headache of inventory and secure storage, since it covers “any system that employs DJI electrical components or software including, but not limited to, flight computers, cameras, radios, batteries, speed controllers, GPS units, handheld control stations, or devices with DJI software applications installed.”
The memo “could have a huge impact on DJI,” said Brett Velicovich, a former Army intelligence soldier who now runs Expert Drones, a consumer drone firm in Alexandria, Va.
But the unnamed security vulnerabilities could affect the U.S. military — and not just those stateside.
“There are U.S. special operators in Syria using DJI products,” said Velicovich. “So I get it. I’m glad [the Army is] finally doing something about this.”
DJI accounts for at least 70 percent of the commercial unmanned aircraft vehicle market. In recent months, its Phantom series of UAVs has drawn the attention of hackers who’ve been able to break into and manipulate the drone’s GPS software, punching holes in the “geofences” that sought to keep the drones out of no-fly zones.
But hackers aren’t the only ones who can manipulate the drones long after they’ve left the factory floor, been plucked from a store shelf, and flown around the world. In May, DJI officials told users to register their drones with the company — or else the UAVs would suffer cuts to speed and range, even the ability to stream video.
The company claimed it was part of a plan to upgrade its geolocation data to make its UAVs safer. (For what it’s worth, the two references cited in the Army memo — one a classified Army study — were produced just days after DJI’s May 22 announcement; and one month after DJI added portions of Iraq and Syria to its geofence system.)
But it was a wake-up call to many in the industry, Velicovich said: “If they can turn off our drones, what else can they do with those things?”