Proof of the DJI Hack and how it might impact the DJI Ban.

The ultimate proof of the DJI Hack was dropped today from DJI’s own blog, as they deleted flight log sync, code named Supervisor.  How do the clandestine apps work on DJI, and how might this impact the DJI Ban?

In an effort to stop the proposed DJI Ban, DJI announced the removal of DJI’s flight log sync feature on DJI’s own blog.  Yet few drone pilots truly understand why this is a monumental admission by DJI.  For years there has been evidence of the “DJI Hack,” first forensically identified by Kevin Finesterre back in 2017. 

This article will highlight and attempt to organize the monumental data collection from DJI and how it was used to gain market position and gather intelligence.

DJI removing flight sync app, is the canary in the data hack coal mine. It is the ultimate proof and admission of a DJI hack.  DJI is removing the very conduit to which they gathered data on drone pilots and critical infrastructure.   All in an effort to stop the DJI ban, DJI admits to the very thing few people have been saying for the last 7 years.

DJI is facing a potential Ban to be voted on June 12th.  DJI posted to social media asking all drone pilots to speak up using the Drone Alliance to do so.  Which then put the drone alliance under serious scrutiny by Congress, potentially putting drone pilots in the middle of this problem.

A few savy drone pilots actually called out DJI across multiple platforms. Stating that we know there is a DJI security problem and if DJI doesn’t want their drones banned, they need to be honest.

Low and behold June 7th DJI deletes the Flight Log syncing from all of its drones in an attempt to stop the ban.  This is a monumental admission by DJI.  DJI’s Flight sync feature was the conduit used by DJI to collect vast amounts of data on drone pilots.  This data program was dubbed “supervisor” by insiders at DJI.   This data from supervisor would then be used with another DJI program, called sentinel to manipulate the drone market in DJI’s favor.

This is also a huge admission because certain drone pilots, groups and associations have been saying for years there is no proof of a ban.  7 years later, they’re proven wrong.  DJI gaslit those poor useful idiots on a level we have never seen before.

Supervisor program was just one step for DJI to gather data. In order to gather enough intelligence to sway the drone market or gather information to sway sentiment, DJI also had the sentinel program.  Supervisor, combined with sentinel helped create the ultimate sentiment analysis tool by DJI.  As we will outline below there is a treasure trove of data to provide valuable proof the dji hack.

Sentinel was a program developed by DJI to mine sentiment analysis.  Sentiment analysis is a common data analytics tool used to discern what consumers actually think about given products.  The problem is DJI used the sentiment analysis tool and fake profiles across social media to manipulate the brand into the cornerstone of drone products.  DJI also used their data gathering tools to steal patents and infringe on American drone manufacturers.

If you think about it, its very simple. DJI drones were the go-to videography tool of choice.  Even DJI drones were used to film other drones completing missions, testing and researching.  One American company, caught DJI in the Act…sued and won. 

Proof of DJI Supervisor Program.

Believe it or not, if you plug in your DJI drone into a tool you can download online, you can see that the Supervisor program is built into your drone.  The supervisor program relies on DJI’s SDK to submit data to Chinese Servers constantly.  AT first consumers were sending data through the flight logs sent through the “dji academy.”  Then through Flight hub.  Which is fascinating you can even download the source code to DJI’s flight hub software and recreate it to make the ultimate Drone Program management software.

You can even seen in the photo above, what parameters were even sent to DJI through the code.  What’s extremely troubling here, is notice that the DJI UUID of the drone is being transmitted to China.  This is the same UUID that’s used to transmit your position through the FAA’s Remote ID.

Some might even question, did the FAA actually help the Chinese gather data and intelligence on American’s?  UUID is part of all transmissions of data and the FAA now forces (“forces”) drone pilots to constantly transmit their data over the internet to get a position of the pilot.  It could be easily argued that the FAA, through DJI influence (enter Brendan Schulman) helped accelerate the largest data gathering operation in Aviation history.

Who had access to the DJI Data?

Thanks to a testimonial from a DJI employee, we know that about 146 different terminals and 72 different people at DJI had access to all this data being collected on drone pilots.  It was used for sentiment analysis, marketing, sales and even driving conversations online through prominent facebook groups.

Here is a testimonial posted to twitter from years ago explaining that not only did they have access to the data, but what they did with the data.

According to an internal Slide show highlighting how the DJI supervisor and Sentinel data platforms worked, DJI had 31 employees watching the data WEEKLY.  72 total employees had access to the data, and there 146 different data interfaces to interpret and review data.

Whats included in the DJI data hack?

The supervisor program was created to gather as much intelligence on drone pilots, as it was designed to gather information on what they were flying.  From that same DJI slide show, which was created in 2017…we can see exactly how DJI was gather information from DJI apps, products and even during conferences.  (notice the lower right hand corner of how UUID’s were used to identify people at conferences.)

Now let’s show it in english.

What does DJI really want on me?

When addressing the question “What does DJI want with my data?”, it’s important to clarify that DJI isn’t specifically interested in the personal details of individual pilots. Instead, the focus is on the data generated from the actions and usage patterns of drone pilots.

A great question that even popped up on Reddit yesterday.  Through the Flight Sync feature on DJI Go, a

photo was snapped of a drone pilot who was flying naked.   While DJI may have inappropriate photos of drone pilots flying all natural i

n nature, that isn’t the biggest issue.  In this data leak, there are THOUSANDS of examples of drivers licenses, passports, identification cards and more.  Personal data treasure trove for DJI to use how ever they want to.

What might be even more scary is how DJI drones were collecting data on military installations when pilots flew them in areas they weren’t supposed to fly them.

There are countless examples of data gathered by DJI.  They gathered thumbnail images from every single photo ever taken.  They logged GPS data of where drone pilots took off from and helped create a vivid picture of secure locations.

Even when the US government was researching with DJI drones, all of that data went to DJI and thus the CCP.  Imagine federal agents are trying to figure out exactly how “bad people” could gain access to critical information or cause serious destruction to some of our most important buildings and infrastructure.  Well one piece of data showcases how pilots figured out how to take off and fly over the pentagon.   All of this data was pulled from the open AWS server that DJI was storing this data on.  Hacker Kevin Finnesterre figured out exactly how the data was mined and where it was stored.

How would this admission impact the DJI Ban?

The admission of DJI’s flight sync issue and the involvement of their supervisor program in this matter has created significant uncertainty regarding the future of a potential DJI ban in the United States. Here’s a detailed breakdown of the situation:

DJI’s acknowledgment of the flight sync issue demonstrates transparency and a willingness to address problems. This can be seen as a positive step toward maintaining trust with users and regulators.  The admission raises questions about DJI’s methods of rising to market dominance. It suggests that DJI’s growth wasn’t entirely organic but was significantly influenced by strategic maneuvers, including the use of data to shape regulations and market conditions in their favor.

DJI’s use of its data to influence the FAA and push for mandatory internet connectivity and Remote ID (RID) broadcasting highlights the company’s powerful role in shaping drone regulations. This influence is controversial and raises concerns about the fairness and competitiveness of the drone market. By making internet connectivity and RID broadcasting mandatory, (unless a broadcast module was used) DJI ensured that its drones remained compliant with new regulations, potentially sidelining competitors who couldn’t meet these requirements as easily and maintained a constant stream of data.

Despite the controversies, many drone pilots acknowledge that DJI drones are unparalleled in terms of quality and performance. This loyalty to the brand indicates that DJI’s dominance is also rooted in the superiority of its products. The superior performance of DJI drones makes it challenging for competitors to match their offerings, maintaining DJI’s stronghold in the market.

If the US government decides to ban DJI drones, there could be significant support for subsidizing American drone manufacturers to fill the gap. This would involve:

• Financial Support: Providing grants, loans, and other financial incentives to US-based companies to develop and manufacture competitive drones.
• Research and Development: Investing in R&D to advance drone technology domestically and close the gap with DJI.
• Regulatory Support: Creating favorable regulatory conditions for US manufacturers to thrive and compete on a level playing field.

The admission of the flight sync issue opens doors to more scrutiny and investigations into DJI’s practices. It raises questions about the extent of their influence and the ethical implications of their strategies.

How will other drone manufacturers respond to this situation? Will they be able to leverage the controversy to gain market share?

Will the FAA and other regulatory bodies revise their policies in light of these revelations? How will this affect future drone regulations and market dynamics?

The situation with DJI’s admission of the flight sync issue and their strategic maneuvers to influence the FAA creates a complex landscape. It highlights the need for careful consideration of both regulatory and market dynamics. While DJI’s transparency in admitting the issue is a step in the right direction, it also underscores the need for a balanced approach to ensure fair competition and innovation in the drone industry. Whether the US government will take significant steps to support domestic drone manufacturing remains to be seen, but the controversy certainly sets the stage for potential policy changes and increased scrutiny on market leaders like DJI.