dji4321234's comments

dji4321234 | 1 year ago | on: Hacked Nvidia 4090 GPU driver to enable P2P

He has a very checkered history with "hacking" things.

He tends to build heavily on the work of others, then use it to shamelessly self-promote, often to the massive detriment of the original authors. His PS3 work was based almost completely on a presentation given by fail0verflow at CCC. His subsequent self-promotion grandstanding world tour led to Sony suing both him and fail0verflow, an outcome they were specifically trying to avoid: https://news.ycombinator.com/item?id=25679907

In iPhone land, he decided to parade around a variety of leaked documentation, endangering the original sources and leading to a fragmentation in the early iPhone hacking scene, which he then again exploited to build on the work of others for his own self-promotion: https://news.ycombinator.com/item?id=39667273

There's no denying that geohotz is a skilled reverse engineer, but it's always bothersome to see him put onto a pedestal in this way.

dji4321234 | 2 years ago | on: DJI – The ART of obfuscation

My summary of DJI apps, which I have extensively reverse engineered, is:

If you opt into DJI's Flight Record Sync service, you send them your flight records. If you send DJI the additional logs they request for a warranty claim, you send them basically every imaginable bit of data from your drone. Both of these things make sense intuitively.

Overall, DJI appear to be earnestly attempting to respect data privacy, especially in their newer apps, DJI Fly and DJI Pilot 2. DJI Fly overall attempts to honor the user's flight analytics and flight log transfer preferences. DJI Pilot 2 in Local Data Mode genuinely stops using the network entirely. DJI's newer "Clear All Data" feature genuinely (but insecurely) erases all stored historic flight and user data on a drone and controller. DJI's efforts towards obfuscation seem generally directed at preventing reverse-engineering by their competitors, not hiding CCP malware.

HOWEVER:

DJI are a hardware company and lack competence in the software space, so they frequently make egregious mistakes which expose users to information disclosure or device security issues. This is especially bad in their older apps (DJI Go and DJI Pilot 1). They occasionally ship third-party libraries containing their own analytics and forget to disable these third-party analytics. Their information security practice seems quite bad overall, including a very prominent leak where all of their AWS data was downloaded in 2017, including synced flight logs, warranty logs, and app telemetry data.

DJI's consumer apps (DJI Fly) are loaded with product-manager-requested mobile app telemetry, as are most American phone apps of all kinds, and require app login to activate a drone. This enables powerful cross-correlation against a user's activities in the app. Sufficiently advanced telemetry is indistinguishable from surveillance malware. There is no evidence of a massive conspiracy where DJI are trying to siphon data to the CCP, but a malicious actor with access to their mobile app analytics dashboard could definitely infer a lot more information than a sensitive customer would like to disclose, including locations where the app was used, with what drone model and for how long it was used, and whether or not special no-fly zone authorization was requested from DJI.

My summary of DJI is:

I would use a modern DJI drone, enterprise or consumer, in a casual home or business application. However, I would only use a DJI drone with DJI Remote Controllers (which are Android tablets), not my own phone. I would activate the drone, then forget the WiFi network I used to activate it. This provides an end-run around the product telemetry features present in the app, and avoids security issues on your local device introduced by DJI's poor programming practice.

DJI Enterprise hardware and software genuinely attempts to provide offline functionality. I would use it with one of the professional standalone RC units, even in a moderately sensitive situation (say, Law Enforcement use), after auditing one specific app version's behavior (to ensure they didn't accidentally introduce a library with telemetry enabled, which they've been known to do).

Also, be aware that all DJI drones broadcast a local proprietary beacon, sometimes referred to as Drone ID or Aeroscope (not to be confused with US Remote ID standards), containing drone serial number and current location data. On newer consumer drones, this broadcast is encrypted. Regardless, it should be assumed that if you are flying a DJI drone, it can and will be tracked by nearby parties. This should be assumed for any drone, realistically. In the usual use case, you are controlling a giant RF emitter using another giant RF emitter.

dji4321234 | 2 years ago | on: DJI – The ART of obfuscation

> But let's not pretend that facebook et al + Google + Apple are any different.

Were we pretending this? Was anyone pretending this? It would likewise be quite wise for China to ban the use of products made by these companies in their own sensitive federal applications, and my understanding is that broadly, they have.

dji4321234 | 2 years ago | on: DJI – The ART of obfuscation

> pull packets from transmitting drones and redisplay them without transmitting to the drone

You can see what happens when you try this by putting DJI FPV Goggles in Audience Mode. It's horrible and not suitable for flying. The DJI link is fundamentally two-way and aggressively uses sounding and HARQ.

The solution to flying with DJI FPV users at your field is to not use Raceband 6 at all (DJI uses this for link negotiation), and otherwise look up the Raceband to DJI correlation chart and allocate separate channels as usual.

dji4321234 | 2 years ago | on: DJI Mini 4 Pro

DJI OcuSync is based on LTE: https://www.suasnews.com/2022/05/the-dji-p1-and-s1-fpv-chips... is an example of more information.

This is a major advantage DJI and other Chinese drone makers have over US-based ones. Technically acquiring an SDR/DSP-implemented LTE baseband is not a major difficulty. Getting Qualcomm to let you is quite a challenge.

Looking at FCC listings and product pages you can tell that DJI are also throwing power at the problem. The EIRP on DJI devices is very high. They go up to 33dBm (2W EIRP) on the most modern devices like the Mini 4 Pro.
