DJI Threat Reduction

PI: Dr. Cameron Patterson

DJI dominates the market for consumer and commercial drones costing over $500. Their advanced features, economy-of-scale advantages, and easy-to-use software make them a portable and versatile tool for defense personnel. However, the Internet connectivity required for registration, updates, and cloud storage raises the possibility of clandestine data leakage or exfiltration. The operator's precise location and activities can be tracked, and all camera data can be recorded and analyzed. This is one of the latest examples of the dilemma between the attractiveness of commercial technology and the need to trust that any data collected will remain private. Drones greatly increase the quality, quantity, and value of the information collected by associated applications running on an Internet-connected mobile device.

The first phase of this project examined the hardware, firmware, and application architecture of the entry-level DJI Spark drone. A laptop-hosted man-in-the-middle setup was created to capture and analyze all network traffic between the DJI GO 4 app and the Internet. Operational recommendations were proposed, along with their tradeoffs. Finally, a technical solution was proposed that avoids trust in, analysis of, or modifications to DJI or Android software, without imposing undesirable restrictions on drone usage or functionality. This solution will be developed, demonstrated, and evaluated in the project's second phase.

iPhone graphic of DJI screen