Aardvark Daily

New Zealand's longest-running online daily news and commentary publication, now in its 24th year. The opinion pieces presented here are not purported to be fact but reasonable effort is made to ensure accuracy.

Content copyright © 1995 - 2018 to Bruce Simpson (aka Aardvark), the logo was kindly created for Aardvark Daily by the folks at


A million eyes for China

16 August 2017

Drones are big, and in the world of drone manufacturing China is the clear global leader.

And the biggest of the big is DJI, a Chinese company which makes the world's most popular and instantly recognisable family of consumer and prosumer drones: the Phantom, Mavic and now the tiny Spark.

Of course DJI is raking in huge amounts of money from the boom in recreational drone sales but the real value to China may go far beyond the export earnings these craft create.

In fact, there is now significant concern within certain circles that these drones constitute a huge security hole in the USA's defense of its critical infrastructure and key military assets.

The concern is so great, in fact, that the US Army has now placed significant restrictions on the use of DJI products within its ranks.

But wait... there's more, much more...

A number of informed experts have voiced their concern over the fact that DJI's products regularly send telemetry and other data to "the cloud" and that some of the servers from which that cloud is created are in China. In fact I've blogged about this before -- but recently, even more worrying possibilities have arisen.

It may not just be DJI who are spying on the data that these drones return to the cloud.

This Register story hints at the other vulnerabilities within the DJI Go app which may provide back-door access to this data by third parties, who may have nefarious intent.

Because these vulnerabilities allow for undetected "hot patching" of code by those who control third-party libraries being used, the potential for mischief is enormous.

Yes, the same vulnerabilities apply to any app which has been baked with these libraries but in the case of drone apps the potential for critical infrastructure information to be relayed to unrelated third parties is huge.

Imagine that a certain malevolent party is interested in what's going on at a specific location within the USA and they have access to what is effectively a back-door to the DJI app which runs on your phone...

All they have to do is "push" out a bit of code that monitors the GPS coordinates of every drone being flown with this app in the USA. When this code detects that you are flying a drone within the prescribed region it becomes a simple matter to have it send the video and other data related to that flight to the bad-actor's servers via the phone's data or wifi connection.

Far more effective, simpler and quicker than relying on spy satellite imagery and also incredibly covert. If the app sends every 100th frame to the cloud then most folk wouldn't even notice the hit on their data -- yet those frames could provide incredibly valuable information to a foreign nation or player.

If you look at the code running already as part of the DJI Go app you can see some worrying field names and a rather concerning database schema in effect. Clearly this app already has the *potential* to send everything your drone and your phone sees and hears to the cloud if/when it is deemed important to do so.

Wow... imagine the strategic and economic value of having millions of "eyes in the sky" from which you could covertly pluck images, video and audio (even conversations taking place between the drone operators as picked up by the phone's microphone).

It's now easy to see why the US Army are so worried -- but that's the least of the problem.

In theory, every person with a DJI drone could unknowingly be acting as a spy for China or some other third party who has taken control of the app used when flying these craft.

Perhaps we can now see why so many countries are enacting such draconian regulations as to where these things can be flown. If you can't stop the "leakage" of the data they collect then perhaps the only solution is to restrict where they can be flown so as to make that data less relevant and valuable.

Of course this is largely speculation at this stage -- but let's face it, in today's world all the important decisions are driven by paranoia so you can expect to see even more lunatic restrictions being enacted.

And of course, let's not forget, that *everybody's* phones are also a potential spying tool for the "enemy". That selfie you took in front of an important (strategic) location might also be of great value to someone with evil intent. So what are we going to do about that?
