Aardvark Daily

New Zealand's longest-running online daily news and commentary publication, now in its 23rd year. The opinion pieces presented here are not purported to be fact but reasonable effort is made to ensure accuracy.

Content copyright © 1995 - 2017 to Bruce Simpson (aka Aardvark), the logo was kindly created for Aardvark Daily by the folks at aardvark.co.uk




A million eyes for China

16 August 2017

Drones are big and in the world of drone manufacturing, China is the clear global leader.

And the biggest of the big is DJI, a Chinese company which makes the world's most popular and instantly recognisable family of consumer and prosumer drones: the Phantom, Mavic and now the tiny Spark.

Of course DJI is raking in huge amounts of money from the boom in recreational drone sales but the real value to China may go far beyond the export earnings these craft create.

In fact, there is now significant concern within certain circles that these drones constitute a huge security hole in the USA's defense of its critical infrastructure and key military assets.

The concern is so great, in fact, that the US Army has now placed significant restrictions on the use of DJI products within its ranks.

But wait... there's more, much more...

A number of informed experts have voiced their concern over the fact that DJI's products regularly send telemetry and other data to "the cloud" and that some of the servers from which that cloud is created are in China. In fact I've blogged about this before -- but recently, even more worrying possibilities have arisen.

It may not just be DJI who are spying on the data that these drones return to the cloud.

This Register story hints at the other vulnerabilities within the DJI Go app which may provide back-door access to this data by third parties, who may have nefarious intent.

Because these vulnerabilities allow for undetected "hot patching" of code by those who control third-party libraries being used, the potential for mischief is enormous.

Yes, the same vulnerabilities apply to any app which has been baked with these libraries but in the case of drone apps the potential for critical infrastructure information to be relayed to unrelated third parties is huge.

Imagine that a certain malevolent party is interested in what's going on at a specific location within the USA and they have access to what is effectively a back-door to the DJI app which runs on your phone...

All they have to do is "push" out a bit of code that monitors the GPS coordinates of every drone being flown with this app in the USA. When this code detects that you are flying a drone within the prescribed region it becomes a simple matter to have it send the video and other data related to that flight to the bad-actor's servers via the phone's data or wifi connection.

Far more effective, simpler and quicker than relying on spy satellite imagery and also incredibly covert. If the app sends every 100th frame to the cloud then most folk wouldn't even notice the hit on their data -- yet those frames could provide incredibly valuable information to a foreign nation or player.

If you look at the code running already as part of the DJI Go app you can see some worrying field names and a rather concerning database schema in effect. Clearly this app already has the *potential* to send everything your drone and your phone sees and hears to the cloud if/when it is deemed important to do so.

Wow... imagine the strategic and economic value of having millions of "eyes in the sky" from which you could covertly pluck images, video and audio (even conversations taking place between the drone operators as picked up by the phone's microphone).

It's now easy to see why the US Army are so worried -- but that's the least of the problem.

In theory, every person with a DJI drone could unknowingly be acting as a spy for China or some other third party who has taken control of the app used when flying these craft.

Perhaps we can now see why so many countries are enacting such draconian regulations as to where these things can be flown. If you can't stop the "leakage" of the data they collect then perhaps the only solution is to restrict where they can be flown so as to make that data less relevant and valuable.

Of course this is largely speculation at this stage -- but let's face it, in today's world all the important decisions are driven by paranoia so you can expect to see even more lunatic restrictions being enacted.

And of course, let's not forget, that *everybody's* phones are also a potential spying tool for the "enemy". That selfie you took in front of an important (strategic) location might also be of great value to someone with evil intent. So what are we going to do about that?
