
Aardvark Daily

New Zealand's longest-running online daily news and commentary publication, now in its 24th year. The opinion pieces presented here are not purported to be fact but reasonable effort is made to ensure accuracy.

Content copyright © 1995 - 2018 to Bruce Simpson (aka Aardvark), the logo was kindly created for Aardvark Daily by the folks at aardvark.co.uk




A million eyes for China

16 August 2017

Drones are big and in the world of drone manufacturing, China is the clear global leader.

And the biggest of the big is DJI, a Chinese company which makes the world's most popular and instantly recognisable family of consumer and prosumer drones: the Phantom, Mavic and now the tiny Spark.

Of course DJI is raking in huge amounts of money from the boom in recreational drone sales but the real value to China may go far beyond the export earnings these craft create.

In fact, there is now significant concern within certain circles that these drones constitute a huge security hole in the USA's defense of its critical infrastructure and key military assets.

The concern is so great, in fact, that the US Army has now placed significant restrictions on the use of DJI products within its ranks.

But wait... there's more, much more...

A number of informed experts have voiced their concern over the fact that DJI's products regularly send telemetry and other data to "the cloud" and that some of the servers from which that cloud is created are in China. In fact I've blogged about this before -- but recently, even more worrying possibilities have arisen.

It may not just be DJI who are spying on the data that these drones return to the cloud.

This Register story hints at the other vulnerabilities within the DJI Go app which may provide back-door access to this data by third parties, who may have nefarious intent.

Because these vulnerabilities allow for undetected "hot patching" of code by those who control third-party libraries being used, the potential for mischief is enormous.

Yes, the same vulnerabilities apply to any app which has been baked with these libraries but in the case of drone apps the potential for critical infrastructure information to be relayed to unrelated third parties is huge.

Imagine that a certain malevolent party is interested in what's going on at a specific location within the USA and they have access to what is effectively a back-door to the DJI app which runs on your phone...

All they have to do is "push" out a bit of code that monitors the GPS coordinates of every drone being flown with this app in the USA. When this code detects that you are flying a drone within the prescribed region it becomes a simple matter to have it send the video and other data related to that flight to the bad-actor's servers via the phone's data or wifi connection.

Far more effective, simpler and quicker than relying on spy satellite imagery and also incredibly covert. If the app sends every 100th frame to the cloud then most folk wouldn't even notice the hit on their data -- yet those frames could provide incredibly valuable information to a foreign nation or player.

If you look at the code running already as part of the DJI Go app you can see some worrying field names and a rather concerning database schema in effect. Clearly this app already has the *potential* to send everything your drone and your phone sees and hears to the cloud if/when it is deemed important to do so.

Wow... imagine the strategic and economic value of having millions of "eyes in the sky" from which you could covertly pluck images, video and audio (even conversations taking place between the drone operators as picked up by the phone's microphone).

It's now easy to see why the US Army are so worried -- but that's the least of the problem.

In theory, every person with a DJI drone could unknowingly be acting as a spy for China or some other third party who has taken control of the app used when flying these craft.

Perhaps we can now see why so many countries are enacting such draconian regulations as to where these things can be flown. If you can't stop the "leakage" of the data they collect then perhaps the only solution is to restrict where they can be flown so as to make that data less relevant and valuable.

Of course this is largely speculation at this stage -- but let's face it, in today's world all the important decisions are driven by paranoia so you can expect to see even more lunatic restrictions being enacted.

And of course, let's not forget that *everybody's* phones are also a potential spying tool for the "enemy". That selfie you took in front of an important (strategic) location might also be of great value to someone with evil intent. So what are we going to do about that?
