How to fly Chinese drones without risking security.

July 31, 2020
How to fly Chinese drones without risking security.

Wondering how to fly your DJI or other Chinese drone without risking security? After years of experience in flying drones and a basic knowledge of the internet, we have provided a simple guide to completely eliminate the threat of China spying on you or America with your drone.

Security concerns over Chinese drones has only amplified this year. Recently, a data breach was discovered on android devices running DJI Go 4 raising security concerns. Simply put, there have been concerns over data breaches from the far east, for far too long….

Since the beginning of my career in Livin’ The Drone Life, many times early-stage pilots rumored the potential risk of using DJI drones.  Often times my friends and colleagues would mention that there is really only a risk of security concerns in a few scenarios.  While a certain solution had worked for a while, it now seems that a drone user might need a certain level of sophistication to eliminate the problem.

Drone security risks are often lauded as a serious security threat.  Frankly speaking, there is a real concern of drone data being leaked to provide logistical data to foreign adversaries.

Why haven’t more free-thinking American’s have outsmarted this problem by simply eliminating the drone from accessing the internet.

Flying without Big-Brother…

Often times in the drone career, we would take flight in the boating and surfing industry. Often times while producing videos we would face two problems, a lack of internet and hot conditions. In numerous instances, we were inhibited from taking off due to a vital software upgrade warning.  Firmware upgrades would limit my ability to fly unless I upgraded. Often times there was never enough internet service to finish the download and transfer the upgrade to the bird. Let alone face the awkward situation of stopping world class surfers from hitting massive waves while they waited for me to take off.

Quickly, it was easy to learn that the aircraft should not be allowed to access the internet in order to have successful flights. If the application could reach the internet, it would force me to upgrade in various situations or even force an auto-land. While the forced upgrades haven’t caused concern recently, pilots have found a new solution. Simply hacking your drone, as we recently described. But that may not be enough…

Hacking your drone also shuts off the drone’s ability to even check the server for upgrades. No forced upgrades and no inhibiting takeoff from faulty data.  While that is a nice feature to have, it doesn’t solve the risk issue completely.

Drone pilots will often still use their phone or iPad or even crystal sky to view telemetry and the live camera feed.  If your iPhone or iPad allows the DJI applications to receive data, there is still an inherent risk of security.

Drone pilots need to eliminate the security risk by taking a multi-layered approach.  Crystal Sky monitors have offered many drone pilots a useful tool in the heat. Yet rumors swirl of sneaky wifi connecting in the background. (we have no evidence) Again, why allow the problem to exist, just delete any wifi network data from the crystal sky. Never allow the crystal sky to be in range of whatever wifi you used to activate the tablet.

Why are pilots forced to still fly DJI?

Security concerns are rather high, as various agencies have inhibited the use of DJI. Albeit, many of these same agencies can’t complete their jobs without the right bird.  It is easy to assume there are drones that can complete the same jobs as DJI Mavics, DJI Phantom 4 Pro or an Inspire right? Well, not exactly.  There is not a drone that even comes close to the options, flexibility and convenience that DJI products offer.  In addition, DJI drones offer a consistent flight experience that builds user confidence.  While I can’t stand the erroneous TFR warnings and autolandings, that is an easy problem to solve with DJI drones.

Let’s compare the Mavic 2 Pro to say the:

  1. Autel 2 Evo Dual
  2. Anafi USA
  3. Impossible Aerospace Drone
  4. Skydio X2

While the security concerns are elevated with Chinese technology, most foreign and domestic made drones have numerous Chinese made parts.

Which also means the Autel Evo 2 is guilty of being manufactured from Chinese parts. So the Autel is out, unless you control the Evo 2 with just the remote and built in application. If never connected to the internet, you would be safe.  Meaning you never connect your phone to use the app.

Anafi just announced they will not be offering consumer drones anymore. So there’s that.

The impossible Aerospace aircraft comes closest to the features and camera payload of the Mavic 2 Pro. Yet comes in at almost 3x the price, which isn’t scalable.

While the Skydio X2 is the closest offering to the Honda Civic of drones, it won’t be available until Q4 of 2020. So as of right now, it is safe to say, there isn’t a single drone capable of competing with the DJI drones.

This is why pilots are still Flying DJI, the aircraft offer the most features and convenience with consistent flight characteristics.

How to avoid security threats from Chinese drones.

Simply put, no internet ever. Albeit, we’ll layout the individual steps that must be taken to ensure data security.  Our approach in this formula is to take a more hardware centric approach, as that is the only bullet-proof method of avoiding security issues.

How to avoid security risks from any drone: Don’t let the drone communicate to the internet in anyway.

If flying DJI:

  1. Hack the drone using the instructions provided previously to inhibit firmware upgrade searches.
  2. Use a monitor that has no capability of reaching the internet or is never connected to Wifi. Back in the old ages of the drone industry, I would simply use a Flysight Monitor to view the drones camera feed. Connected to the drone remote via HDMI, we could see everything from the video transmission. Typically, the exposure and everything would be set prior to takeoff.  Then simply use the remote to control everything else.
  3. Never use the DJI application for a firmware upgrade or an academy upgrade. (No the DJI points do not matter… Besides if you want to prove your pilot skill come to the obstacle course Maverick.)

To clarify the sequence of events, we’re saying hack the drone immediately to remove any restrictions. Then you want to ensure you use a device that is never connected to the internet. If you want to use the DJI Go application to control your drone. Download the application to an iPod touch.  The iPod touch is specifically used ONLY for drone flying. Once the application is downloaded. Delete whatever wifi network information you connected to. Turn off Wifi. (Store in evidence bag if you want to go full tin hat)

Whether you use an iPod touch or a Fly-Sight monitor, just never allow the device to connect to the internet. Problem Solved.

Frankly it is easy to trust a hardware disconnection much more than any PR language on a app or software. Why? Frankly, it is easy to be humble and be-aware that we simply don’t know, what we don’t know.

After Kevin F’s first leak of DJI data, concerns were starting to be validated.   (Note: if you fly with a fly-sight, chances are you are going to use your phone or an iPad to setup the camera. Ensure your phone is in Airplane mode before you open the App and after you close it…hard close)  Also if you follow him on twitter, he has been releasing new data leaks.

American Drones vs. Chinese Drones

While American ideology shifts towards supply chain independence, often times American products can’t compete with current Chinese offerings. Drones could not be a better example of this problem.  There has yet to be a single drone that can match the price point and feature set of most DJI drones.

Drone pilots recently learned that DOD is actively supporting the American manufacturing of competing drone. Skydio is developing the anticipated X2 which could very much compete with the DJI drones.  We would want to see what is released before we get our hopes up too much more. History has showcased an extreme problem with American drones companies ability to scale-up and manufacture at mass.

In the mean time, just keep flying that Phantom 4 Pro.  Simply put, don’t allow the controlling device to connect to the internet. Don’t upgrade the firmware, and hack the drone so it can’t even search for new firmware.  In all honesty, we truly believe this makes for a safer drone flight as well.  Software cannot be full control of the aircraft at any time.

Thanks, The Flight Crew.

If you’re ready to take your flight operations to the next level, check out the Don’t Crash Course.

 

 

 

0

Add Your Comment