DJI looks to boost drone data security after US Army ban

DJI will introduce a local data mode that will enable drone pilots to disconnect from the internet during flights.

DJI modifies security over US Army drone concerns

Chinese drone developer DJI has announced that it is developing a new local data mode that blocks internet traffic to and from its flight control apps, after the US Army ordered its members to stop using DJI drones because of "cyber vulnerabilities".

The Shenzhen-based company said its flight control apps routinely communicate over the internet to ensure a drone has up-to-date local maps and geofencing data, correct radio frequency and power requirements, and other information deemed relevant to flight safety and functionality.

The new local data mode will enable users to disconnect from the internet during flights, making it impossible for data such as photos, videos, and flight logs to reach DJI's servers.

The company said this will provide "enhanced data privacy assurances" to government and enterprise customers with "heightened" data security needs, such as those performing sensitive operations around the world.

DJI pointed out, however, that the local data mode may result in performance limitations as it will disable updates of maps, flight restrictions, and other information that its flight control applications receive via the internet while a drone is in use.

The company insisted it does not collect or have access to user flight logs, photos, or videos unless the user shares them by syncing flight logs with DJI servers or by uploading photos or videos to DJI's SkyPixel website.

The local data mode has been in development for several months and will be included in future versions of DJI apps such as GO, GO 4, XT Pro, Pilot, and Ground Station Pro. Customers will be able to use the new mode by the end of September, DJI said.

However, it will not be available in all countries if there are regulations that require pilots to have the most up-to-date maps and information.

DJI has begun updating its firmware to eradicate commonly-used vulnerabilities exploited by customers to circumvent no-fly zones and other restrictions such as speed and height. The company also started removing old, vulnerable firmware versions from its servers.

The move was prompted by drone enthusiasts posting instructions and how-to guides to alter the firmware of DJI drones on YouTube, Facebook, forums, and even dedicated websites.