App for drones used by police contains security weakness: re…

An app that controls Chinese-made consumer drones, used by some police forces including the NYPD, contains a security weakness that could allow users’ personal information to be exploited, according to a report on Thursday.

The app on Google’s Android devices used to operate the popular drones made by China-based Da Jiang Innovations collects large amounts of personal data that could fall into the hands of Chinese Communist Party officials, the New York Times reported, citing cybersecurity researchers.

The Pentagon has banned the use of DJI’s drones because of “cyber vulnerabilities” and the US Interior Department has grounded their fleet of the devices.

The Department of Homeland Security has warned US police that surveillance drones made by DJI are “at risk” of having their data intercepted, The Post learned last month.

The department’s Cybersecurity and Infrastructure Security Agency expressed its concern in a letter in late June to House Judiciary Committee Chairman Jerry Nadler (D-NY).

DJI is the world’s top commercial drone maker. The company loaned aircraft to US police departments to monitor residents during the coronavirus pandemic.

CISA Director Christopher Krebs wrote to Nadler that “any information collected by DJI drones should be considered at risk and protected from inadvertent disclosure.

“Additionally, departments are discouraged from using DJI donated drones for non-COVID-19 law enforcement operations that involve the collection of sensitive information,” he wrote.

The NYPD uses at least 14 drones made by DJI, according to a December 2018 web entry. On April 7, the Elizabeth, NJ, police department wrote on Facebook that it would be using loaned DJI drones to locate social gatherings amid the coronavirus outbreak and issue fines.

“Every Chinese technology company is required by Chinese law to provide information they obtain, or information stored on their networks, to Chinese authorities if requested to do so,” William R. Evanina, director of the National Counterintelligence and Security Center, told the Times.

“All Americans should be concerned that their images, biometrics, locational and other data stored on Chinese apps must be turned over to China’s state security apparatus,” he said.

The US government has been issued warnings about Beijing’s ability to take advantage of weaknesses in technology to access users’ sensitive information.

Chinese companies must hand over information if requested by the government.

The report said the research companies discovered that the app collected data from the phones and that DJI can update it without Google reviewing the changes.

And even when the app appears to be closed, it could still be able to receive transmissions.

“The phone has access to everything the drone is doing, but the information we are talking about is phone information,” said Tiphaine Romand-Latapie, an engineer at Synacktiv, which conducted a review. “We don’t see why DJI would need that data.”

A DJI spokesman said the forced upgrades are used to foil would-be hackers.

“This safety feature in the Android version of one of our recreational flight control apps blocks anyone from trying to use a hacked version to override our safety features, such as altitude limits and geofencing,” Brendan Schulman, a DJI spokesman, said in a statement.

A Google spokesman said the company was reviewing the claims.

Previous Pittsburgh-based company to use innovative cutting-edge dron…
Next DroneShield Announces New Contract, Record Results

Check Also

Local tech company expanding with new building in downtown F…

FRESNO, Calif. (KFSN) — A Fresno tech and educational company is expanding. Quiq Labs held …

Editorial: Fine-tune drone policy-Telangana Today

As a sizable percentage of India’s drones continue to be imported, there is a need …