The memo cites a report from the Army Research Laboratory and a memo from the US Navy, both compiled in May, that reference operational risks and vulnerabilities with DJI products. Security concerns with DJI drones were the topic of an article published by sUAS News in May, which pointed out that with DJI UAVs, the default settings of the DJI GO 4 app are to upload details of flight records — including telemetry, video and audio — to servers located in the US, China and Hong Kong. While it’s extremely unlikely that the Army is unwittingly uploading its flight details to DJI servers, recently exploited security shortcomings may have been enough to make the military rethink its use of DJI’s technology. For example, hackers have recently shown how it easy is to get around DJI’s geofenced no fly zones and height restrictions.
A spokesperson for DJI told Engadget, “We are surprised and disappointed to read reports of the U.S. Army’s unprompted restriction on DJI drones as we were not consulted during their decision. We are happy to work directly with any organization, including the US Army, that has concerns about our management of cyber issues. We’ll be reaching out to the US Army to confirm the memo and to understand what is specifically meant by ‘cyber vulnerabilities.'”
We also reached out to the US Army and a spokesperson told us they could confirm the memo was issued but because the Army is currently reviewing the guidance, they couldn’t comment further.