The United States Interior Department is grounding its fleet of more than 800 drones over concerns that the Chinese government is using the devices to spy or facilitate cyberattacks, according to the Wall Street Journal.
There have been growing concerns among military and Homeland Security officials that the UAVs, which are made in China or consist of Chinese-made parts, are gathering sensitive information for the Chinese government.
[...] DJI told Gizmodo in a statement that the company is "disappointed to learn of this development," adding that it has "worked with the Department of Interior to create a safe and secure drone solution that meets their rigorous requirements, which was developed over the course of 15 months with DOI officials, independent cybersecurity professionals, and experts at NASA."
[...] Last month a bipartisan group of lawmakers introduced a bill aiming to block federal agencies from purchasing UAVs from China. "China has stolen sensitive drone technology from America's businesses and military for years, and now sells it back to us from a dominant position in the commercial drone market," one of the bill's sponsors, Senator Tom Cotton, said in a statement at the time. "Relying on drones made by our adversaries is a clear risk to our national security."
US Interior Department Grounds Drone Fleet
(Score: 1, Interesting) by Anonymous Coward on Friday November 01 2019, @07:25AM (1 child)
Would be to require that any, and all, device manufacturers who create devices that connect to the internet are required to:
1) Locally log all transmitted data in a plain text format persisted for at least some period of time (e.g. - 1 week)
2) Make their transmission protocol completely open source
This would enable one to verify the authenticity of a connection by simply sniffing transmitted data and contrasting it against what would have been sent given the logged data.
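A sketch of the check the comment above proposes, as an added example that is not part of the original post: each captured transmission is reconciled against the device's plain-text log by re-encoding the logged message with the published protocol and comparing bytes. The log line format, the `encode_frame` wire format, the function names and the sample data are all assumptions constructed for illustration.

```python
import struct
import zlib
from typing import NamedTuple

class Sent(NamedTuple):
    ts: float    # seconds since epoch
    dest: str    # "host:port"
    data: bytes  # log entry: plain-text message; capture: raw wire bytes

def encode_frame(message: bytes) -> bytes:
    """Hypothetical stand-in for a published wire format: length, message, CRC32."""
    return struct.pack(">H", len(message)) + message + struct.pack(">I", zlib.crc32(message))

def parse_device_log(text: str) -> list:
    """Parse the assumed log format: '<ts> <dest> <message>' per line."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            ts, dest, message = line.split(maxsplit=2)
            entries.append(Sent(float(ts), dest, message.encode()))
    return entries

def unlogged_transmissions(logged, captured, skew=2.0):
    """Return captures that no log entry accounts for."""
    # Each log entry explains at most one capture, so a duplicated send is flagged.
    unused, flagged = list(logged), []
    for pkt in sorted(captured, key=lambda p: p.ts):
        match = next((e for e in unused
                      if e.dest == pkt.dest and abs(e.ts - pkt.ts) <= skew
                      and encode_frame(e.data) == pkt.data), None)
        if match is None:
            flagged.append(pkt)
        else:
            unused.remove(match)
    return flagged

# Constructed sample data (documentation addresses, not real drone traffic).
DEVICE_LOG = """\
# ts dest message
1572600000.0 192.0.2.10:5600 telemetry alt=12 lat=0.0 lon=0.0
1572600001.0 192.0.2.10:5600 telemetry alt=13 lat=0.0 lon=0.0
"""
CAPTURED = [
    Sent(1572600000.3, "192.0.2.10:5600", encode_frame(b"telemetry alt=12 lat=0.0 lon=0.0")),
    Sent(1572600001.2, "192.0.2.10:5600", encode_frame(b"telemetry alt=13 lat=0.0 lon=0.0")),
    Sent(1572600001.4, "203.0.113.7:443", encode_frame(b"video keyframe")),  # never logged
]
FLAGGED = unlogged_transmissions(parse_device_log(DEVICE_LOG), CAPTURED)
```

The comparison only covers traffic visible at the capture point, so a transmission on a channel the observer is not monitoring would not show up in `FLAGGED`.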
(Score: 4, Insightful) by lentilla on Friday November 01 2019, @11:00AM
Not a bad idea - but before legislating consider the unintended consequences. Here are the two consequences that come to my mind immediately:
(Score: 2) by bradley13 on Friday November 01 2019, @08:45AM (3 children)
The worry is that the drones are transmitting secret information back to the mothership. Call me naive, but I don't see how that can be an issue. Don't provide drones with their own SIM card, so that any data they transmit is sent to the controller, which also shouldn't have a SIM card, but just be hooked to computers that you control. If it's in some sort of network, firewall it to block any outgoing traffic. The government should be taking these precautions anyway, not just with Chinese equipment, if they are doing anything sensitive.
Everyone is somebody else's weirdo.
(Score: 5, Interesting) by zocalo on Friday November 01 2019, @10:15AM (2 children)
The exception to this would be where the UAV is operating over a sensitive area, e.g. a military installation. Someone with the right equipment and able to get within range could definitely eavesdrop on the RF or WiFi being broadcast from the aircraft to the RC, and the control signals going the other way - DJI even markets a product to do some of this; it's called Aeroscope [dji.com], and it was almost certainly deployed during the disruption at Gatwick last Christmas. That information flow would include real time telemetry, including a live video feed from the drone being sent back to the RC, which could potentially reveal details of an installation that are at far higher resolution than what might be obtained via other means. Even so, and regardless of whether the Interior Dept. flies their UAVs over such areas, grounding their entire fleet still seems less a prudent move and more knee-jerk hysteria.
UNIX? They're not even circumcised! Savages!
(Score: 0) by Anonymous Coward on Friday November 01 2019, @07:50PM (1 child)
You say "anti-China FUD" with negative connotations, but you need to make a convincing case that this isn't true. The FUD argument is grounded in the well established Chinese government practice of IP theft and forced IP transfer. It has been their overt behavior for decades, which pretty much every country in the world has complained about. There is no clear separation between the government and businesses in China. And regardless of whatever whataboutisms you want to throw out there to justify their behavior, nobody trusts Chinese businesses to be independent of their government. It sucks for any Chinese business who isn't tied at the hip to the government, but that's the reality their government has put them in.
(Score: 2) by zocalo on Friday November 01 2019, @11:10PM
Unless, of course, they are supposed to have stolen the tech to covertly send data home as well - in which case, "glass houses" probably applies since it would most likely have been from one of the Five Eyes or similar, with the NSA being the most probable original source, no? Also, as noted in my example of where the decision to ground the drones would be prudent, DJI openly *sell* a product that captures data from drones; if you're trying to covertly exfiltrate data then drawing attention to the "how" and "what" seems a pretty strange way to go about it. Aeroscope's very existence is pretty much a huge neon sign that says if you're flying drones over sensitive locations and you do not have 100% control over the content of the transmissions it's broadcasting then you deserve everything you get.
UNIX? They're not even circumcised! Savages!
(Score: 2) by MostCynical on Friday November 01 2019, @09:24AM (1 child)
800 commercial drones. Over $USD 1 million, but nowhere near a big enough budget for custom firmware, let alone custom drones.
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 3, Interesting) by TheGratefulNet on Friday November 01 2019, @01:23PM
betaflight, inav, pixhawk firmware, pick what you want from FREE open source software and firmware. audit all you like.
why the fuck do we buy chinese products with THEIR firmware? that's just plain dumb. it's not like there isn't already FOSS stuff that does all you'd need (manual control, full mission control, racing style, you name it).
DJI sucks as a company. a friend bought a nice expensive dji with a hasselblad camera on it. it wouldn't lift off, at work (we're too close to san jose, meaning, airport). its geo list had a 'do not fly' feature in it and the only way we could be sure was to take it inside, block its gps and then it would lift off. nearly $2k drone and you have to play by ITS rules.
my drones use flight controllers that are $50 F4 arm, all open source; base station transmitter is open-tx (yes, foss, too). all auditable. no 'no fly zones' built in. and if any creep in, you can use your own firmware; nothing is forced for upgrades!
puzzles me why, if I know this (and I'm no pro), why THEY don't know this. something seems amiss, to me. only clueless amateurs buy DJI and that's the main problem brand. if you roll your own, there are no worries, period!
"It is now safe to switch off your computer."
(Score: 4, Insightful) by Rupert Pupnick on Friday November 01 2019, @10:14AM (2 children)
Get some vetted US hardware experts and call a design review with DJI.
(Score: 0) by Anonymous Coward on Friday November 01 2019, @12:11PM (1 child)
Agreed that it isn't that hard to work out a solution that would work OK for you and me.
Now, think about distributing this in the field. Who works for the Interior Department (hint, they aren't CS grads, hell, they aren't even rocket scientists), and, will they be willing to put up with any kind of inconvenience that arises from secure practices?
(Score: 2) by TheGratefulNet on Friday November 01 2019, @01:26PM
flashing is just connecting the flight controller to usb, entering a mode, doing something on a connected host and rebooting the target.
it can be made simple, though.
this is not the hard part. (I don't know what the hard part is; it's all easy shit, really)
"It is now safe to switch off your computer."
(Score: 2) by shortscreen on Friday November 01 2019, @02:58PM
I realize this may be just more unsubstantiated China FUD, but am I supposed to be disappointed that the feds might NOT be flying drones all over the place? Was the announcement of the grounded drones accompanied by a request for additional $billions in the budget to buy helicopters instead, perhaps?