MinorTom
lvl.1
United States
Offline
|
I am extremely disappointed to learn from this March 2, 2023 Wired Magazine article: wired.com/story/dji-droneid-operator-location-hacker-tool that every DJI quadcopter broadcasts its operator’s position via radio, in the clear, completely unprotected. This violates not only pilot privacy, but also potentially their safety.
The article makes clear that this security flaw and the ability to exploit it is not theoretical, that it can be done very cheaply and easily, and has been real-world demonstrated.
To the extent that a customer is in a position to make demands, I demand that you encrypt all transmission data that includes location. This key should be regenerated and sync'd as step 1 of any new connection between aircraft and controller.
Even if one feels there is a legitimate public safety argument to be made for leaving flight location data unencrypted, no such argument applies to broadcasting the pilot location. That can only serve to assist those who would seek to harass or harm a pilot.
This has nothing to do with the "Remote ID" requirements which become mandatory for most drone operation in the US later this year. The argument that Remote ID will also make that data available in the clear ignores the fact that pilots operating <250g drones for purely recreational purposes are not required to comply with Remote ID.
Which brings me to a second point. My understanding is that in Remote ID compliant models, the FAA prohibits disabling (even temporarily) the Remote ID signal, even if the flight involves a pilot and drone not required to comply with Remote ID.
Therefore DJI should offer non "Remote ID" compliant versions of <250g models such as the Mini 3 and Mini 3 Pro, for use by purely recreational pilots who prefer not to broadcast their location to the world.
Even if one accepts that DJI Spokesman Adam Lisbert was not lying, but was misinformed when he denied the data was unencrypted, a statement that was walked back after being proven false, it is time for DJI to take action. You must assure your customers that you respect their safety and privacy, and that such respect will be reflected in the specifications of your products. Trust lost is hard to win back.
|
|