Finally! Dept of Homeland Security Issues DRONE Warning

[Barometer]

I've been saying this for YEARS on popular drone forums. And I always got the same response....."Tin Foil Hat"...."Paranoid".
Drones made by DJI explicitly and constantly make network connections that lead back to China. Does it take a Phd to figure it out? But the VAST majority of US drone operators are so eager for that next big update feature, they gladly give China all the access it wants. Never once thinking of the bigger picture. Your backyard may not have anything worth hiding from China, but people fly them next to government installations and other sensitive areas daily. The amount of data from drones flowing back to china is staggering

I really don't understand how so many Americans can be so stupid to be quite frank...but they are.

Another BIG threat that's just beginning to be taken seriously is DVR recorders from China. AND Huawei's networking gear poses a similar spying risk.

The naivete of the American people knows no bounds.

The only country more stupid is Germany. They said they will not take part in the "US assault on Chinese technology".

US warns about alleged spying threat from Chinese-made drones

https://www.foxnews.com/tech/us-warns-about-alleged-spying-threat-from-chinese-made-drones

 

[Zuul]

Why the fuck does a quadcopter have network connectivity in the first place?

 

[IdiotInCharge]

Why the fuck does a quadcopter have network connectivity in the first place?

To control it?

 

[FNtastic]

I'd be interested to see any independent studies done by security experts that show what information is being sent back.

While, I'm personally on the side of taking caution with anything that has network connectivity, I'm also cautious to trust something simply because it's on a major news network. There's too much politics in any of the large networks anymore. This could be a move to simply ban Chinese imports. He's had it out for China since before he was elected. Makes me suspicious that he has a friend, or some other company, that's lining his pockets to get their phones/tech into our market. And, the Chinese market was just too dominant. Playing devil's advocate here...

 

[Biznatch]

To control it?

No.....

 

[x509]

How about a source other than fox entertainment propaganda, who is not surprisingly pushing the same narrative as the WH to distract from the disaster 'easy to win' trade war......

So when is this data flowing back to china? Hell when is the drone ever even connected to the internet to even send the data?........

Folks. Get real here about the relevant Chinese laws. I'm not exactly, shall we say, a Trump supporter. But on the overall China trade issues he is right. He is right to take on the issue of intellectual property theft and forced technology transfers. Of course, he is executing that policy with lots and lots of incompetence, and worse. But those issues have been there for many years.

Please, no comments about my politics. As they (used to say) on the old Usenet, "Flames to /dev/null." If you don't know what the usenet was, do a Google search.

 

[IdiotInCharge]

Still waiting to see when/how the drones are connecting to the internet to even be able to send anything to china....

Drone uses a network connection to talk to your phone as controller --> app on your phone can do whatever it wants with drone data. Really can't see how this is hard to understand.

No, it may or may not be happening. Fun part? It's only one app update / firmware update away, from a company in China that exists at the pleasure of The Party. Yes, if it were a US company, the same would apply to the USG. No, that doesn't make it better- USG surveillance in the US is assumed. Chinese technology that has a direct line to China doesn't mean that the USG cannot access it, but that both the USG and China can access it, largely at will.

So yes, for every nation that isn't China, this is a concern.

 

[Biznatch]

Drone uses a network connection to talk to your phone as controller --> app on your phone can do whatever it wants with drone data. Really can't see how this is hard to understand.

No, it may or may not be happening. Fun part? It's only one app update / firmware update away, from a company in China that exists at the pleasure of The Party. Yes, if it were a US company, the same would apply to the USG. No, that doesn't make it better- USG surveillance in the US is assumed. Chinese technology that has a direct line to China doesn't mean that the USG cannot access it, but that both the USG and China can access it, largely at will.

So yes, for every nation that isn't China, this is a concern.

Using your phone over wifi is basically the worst option for FPV on the DJIs and I doubt very many people are using that..... Neither the remote or FPV goggles use wifi for the connection and offer longer range and higher resolution.... So the WH run DHS has you scared about something that might/could happen with a firmware update (which would also have to make it into the apple/play store), on a feature almost no one uses with these drones...... I'm sure it has nothing to do with the 'national emergency' that has nothing to do withe the dumb escalating/failing trade war.....

 

[IdiotInCharge]

Using your phone over wifi is basically the worst option for FPV on the DJIs and I doubt very many people are using that..... Neither the remote or FPV goggles use wifi for the connection and offer longer range and higher resolution.... So the WH run DHS has you scared about something that might/could happen with a firmware update (which would also have to make it into the apple/play store), on a feature almost no one uses with these drones...... I'm sure it has nothing to do with the 'national emergency' that has nothing to do withe the dumb escalating/failing trade war.....

You're making quite a few assumptions. I'd suggest that you avoid doing so.

Addressing the topic, the drone has a WiFi radio among others. The phone has apps and stack of radios. Any and all of these can be used for signals interception; with multiple drones, they could be used for signals triangulation.

Note that I'm not saying drones are being used this way or that they most definitely will be used this way, just that having the technology in place as it is presents an exploitable vulnerability.

 

[thebufenator]

Biznatch, stop being obtuse just because you don't like the White House. tds.....

Chinese companies engage in spying and theft. That's what they do. Its completely logical that a friggin drone that calls back to its mfg in China could be a threat.

WE ALSO USE DRONES FOR SPYING.

 

[k1pp3r]

Using your phone over wifi is basically the worst option for FPV on the DJIs and I doubt very many people are using that..... Neither the remote or FPV goggles use wifi for the connection and offer longer range and higher resolution.... So the WH run DHS has you scared about something that might/could happen with a firmware update (which would also have to make it into the apple/play store), on a feature almost no one uses with these drones...... I'm sure it has nothing to do with the 'national emergency' that has nothing to do withe the dumb escalating/failing trade war.....

Most DJI's are not FPV. Most are made for photography or stable flight, not fpv flying.

I have seen a lot of DJI's that connect to ipads or phones over a wifi connection for the video stream while the controller uses a normal 2.4 ghz radio.

No my Vortex FPV drone uses totally different tech than the DJI drones and does not connect to anything over wifi

 

[Eickst]

Why does china need a backdoor for this when everyone posts their drone footage on facebook and youtube? It's all publicly accessible most of the time anyway

 

[Rifter0876]

Not surprised. So much tech calls home to china its insane, the fact that no one is worried about this just shows how ignorant the general population is regarding security.

On my local network i employ both a Pi-hole DNS server to eliminate many ads and malware/spyware related sites/ip's as well as geofiltering on my router, i have blocked all china and Russian IP's.

One look at my log files will tell you that there is ALOT of traffic being blocked trying to call home to china from various IoT devices, even my freaking TV's are trying to call home to china.

So personally not only do i believe this article but im shocked more people didnt already assume this was happening, i sure did.

 

[thebufenator]

No no man, Orange Man Bad, and everything his administration does is bad

 

[Biznatch]

You're making quite a few assumptions. I'd suggest that you avoid doing so.

Addressing the topic, the drone has a WiFi radio among others. The phone has apps and stack of radios. Any and all of these can be used for signals interception; with multiple drones, they could be used for signals triangulation.

Note that I'm not saying drones are being used this way or that they most definitely will be used this way, just that having the technology in place as it is presents an exploitable vulnerability.

Just having a Wifi radio doesn't mean anything.... It would have to connect to a device that can act as a proxy giving it internet access to do anything. The app could 'potentially' do that, but it has to be vetted by google/apple to get in the store. Plus there are teams of security people that love to analyze apps to see if they are doing stuff like this. Plus the drones have GPS already, so I have no idea wtf you're talking about with triangulation..... And what possible use could they have for that data even if they were sending it.

Biznatch, stop being obtuse just because you don't like the White House. tds.....

Chinese companies engage in spying and theft. That's what they do. Its completely logical that a friggin drone that calls back to its mfg in China could be a threat.

WE ALSO USE DRONES FOR SPYING.

Yes, china has a history of IP theft. A lot of that is self inflicted by companies moving their manufacturing to a country with no IP laws to cut costs. Neither of those are relevant to the factless fear mongering this thread is about.

And we use MILLITARY drones for 'spying'. Again, irrelevant to the topic.

tds? People that say that are typically the most uninformed. The only thing I'll say about this is you should get out of your echo chamber and expand your sources.

Most DJI's are not FPV. Most are made for photography or stable flight, not fpv flying.

I have seen a lot of DJI's that connect to ipads or phones over a wifi connection for the video stream while the controller uses a normal 2.4 ghz radio.

No my Vortex FPV drone uses totally different tech than the DJI drones and does not connect to anything over wifi

Yes, but this goes back to the app that should be vetted for things like this, with explicity permissions the user agrees to when installing. What do the TOS say about the app sending data back to DJI? What kind of data are they sending (if any)? Again, this would be easy for a security engineer to confirm if this was happening.

 

[IdiotInCharge]

Just having a Wifi radio doesn't mean anything.... It would have to connect to a device that can act as a proxy giving it internet access to do anything. The app could 'potentially' do that, but it has to be vetted by google/apple to get in the store. Plus there are teams of security people that love to analyze apps to see if they are doing stuff like this. Plus the drones have GPS already, so I have no idea wtf you're talking about with triangulation..... And what possible use could they have for that data even if they were sending it.

Your response implies the assumption that perhaps their WiFi radios would behave similarly to ones in phones and laptops and so on. Stop assuming. They'd be able to utilize any unprotected or poorly protected networks for whichever purpose without another device.

Now, the 'app' can obviously be exploited, but I was very specific above as to what type of exploit I was talking about, and the subject is what the app does with drone data. The app may be limited as to what it can do with other data on the phone, but it owns drone data, and that can be spirited off in a myriad of ways that while likely detectable, may not be detected until it's 'too late'.

With triangulation, I'm talking about one or more drones using their GPS receivers and other radios to locate and potentially eavesdrop on other things. Like the 'war driving' of old, consumer drones could be used to build a map of signals and locations.

Yes, but this goes back to the app that should be vetted for things like this, with explicity permissions the user agrees to when installing. What do the TOS say about the app sending data back to DJI? What kind of data are they sending (if any)? Again, this would be easy for a security engineer to confirm if this was happening.

The issue that you are failing to recognize here is that these companies are quite knowledgable about the process that their apps go through and what may and may not be discovered that's outside of the boundaries that Google sets.

This isn't so much of an issue today as it is the potential for exploits to be designed to bypass review and discovery, if even for a short period of time, for a strategic purpose.

 

[k1pp3r]

Yes, but this goes back to the app that should be vetted for things like this, with explicity permissions the user agrees to when installing. What do the TOS say about the app sending data back to DJI? What kind of data are they sending (if any)? Again, this would be easy for a security engineer to confirm if this was happening.

They are vetted, and the app is likely doing exactly what they want it to do.

 

[Biznatch]

Your response implies the assumption that perhaps their WiFi radios would behave similarly to ones in phones and laptops and so on. Stop assuming. They'd be able to utilize any unprotected or poorly protected networks for whichever purpose without another device.

Now, the 'app' can obviously be exploited, but I was very specific above as to what type of exploit I was talking about, and the subject is what the app does with drone data. The app may be limited as to what it can do with other data on the phone, but it owns drone data, and that can be spirited off in a myriad of ways that while likely detectable, may not be detected until it's 'too late'.

With triangulation, I'm talking about one or more drones using their GPS receivers and other radios to locate and potentially eavesdrop on other things. Like the 'war driving' of old, consumer drones could be used to build a map of signals and locations.



The issue that you are failing to recognize here is that these companies are quite knowledgable about the process that their apps go through and what may and may not be discovered that's outside of the boundaries that Google sets.

This isn't so much of an issue today as it is the potential for exploits to be designed to bypass review and discovery, if even for a short period of time, for a strategic purpose.

All of that is a lot of work for data that would be almost useless to them... There are better/easier ways to get more usefull data than hoping the drone will be close enough (<300') to an unsecured hotspot to send gps data and pictures of a hobbyist flying in a park.... Or risking getting their app pulled from all app stores due to it scraping/sending data it wasn't supposed to....


All I'm saying is this is all speculation that is blown WAY out of proportion, and the timing of the announcement is even more suspect. I'm a devops engineer at a software development company and do plenty of security/network engineering. I'm well aware of the risk of shit calling home, and only allow specific devices/outbound traffic on my home network. I don't trust any of the IOT devices, but the 'information' in this article doesn't worry me. There are too many holes/speculation about what could happen over data that would be mostly useless/easier to obtain though other means.

 

[thebufenator]

.... So the WH run DHS has you scared about something that might/could happen with a firmware update (which would also have to make it into the apple/play store), on a feature almost no one uses with these drones...... I'm sure it has nothing to do with the 'national emergency' that has nothing to do withe the dumb escalating/failing trade war.....

Yes, china has a history of IP theft. A lot of that is self inflicted by companies moving their manufacturing to a country with no IP laws to cut costs. Neither of those are relevant to the factless fear mongering this thread is about.

And we use MILLITARY drones for 'spying'. Again, irrelevant to the topic.

tds? People that say that are typically the most uninformed. The only thing I'll say about this is you should get out of your echo chamber and expand your sources.

You are the one who blamed this on Trump and your dislike of his policies

 

[purple_monster]

HARD to say that I AM surprisEd with the GIVEN leadership FROM our CURRENT president THAT our own DEVICES ARE CALLING HOME CHINA ! !!! this is JUST more evidence THAT WE NEED A RETURN TO NORMALCY!!! OBAMA DEVICES WOULD NEVER TALK TO CHINA THANK YOU GOD BLESS SEMPI FIDE!!!

 

[Biznatch]

You are the one who blamed this on Trump and your dislike of his policies

Just pointing out some facts that should be obvious to anyone paying attention. But I'm not saying anymore on that topic.

 

[mnewxcv]

This thread makes it seem like China is the biggest threat to the people of the United States. Ha.

 

[x509]

This thread makes it seem like China is the biggest threat to the people of the United States. Ha.

The biggest foreign economic threat. The biggest external security threat is clearly Russia. The biggest internal security threat is the neo-Nazis and their ilk.

 

[IdiotInCharge]

All of that is a lot of work for data that would be almost useless to them...

Honestly, by asking questions here you out yourself as not being at all qualified as to what would be useful and what would be useless, or why. And I'm not even really talking about what a drones camera records, though that certainly is part of it.

All I'm saying is this is all speculation that is blown WAY out of proportion

Rather, it's taken you by surprise, but it's really been a problem and a concern for quite some time.

The biggest foreign economic threat. The biggest external security threat is clearly Russia. The biggest internal security threat is the neo-Nazis and their ilk.

To expand:

Well, China is the biggest foreign economic threat today, but this brouhaha isn't just about today. Russia is a declining military power that is also a declining economic power and a declining (or stagnating) technology hub. Aside from their immediate military threat, they're expected to fall further and further behind. Putin running the show has pretty much gotten them technologically isolated.

But China- while their growth may be slowing, they're not going to stop growing any time soon, and most of their technology is second only to what is available to the US / Korea / Japan. Much of what they really lack technologically is know-how, and that doesn't come quickly. Having the specifications for the F-35, for example, does not allow them to build one. They still buy Russian aircraft despite operating their own assembly lines that produce copies of said aircraft. They still buy jet engines for their indigenous airliners from US companies. Their own are... trash. But unlike Russia, with similarly high geopolitical aspirations, China actually has the capacity to make real headway, and with respect to their love / hate relationship with the US, they need intelligence. Denying them US technology stunts both their geopolitical progress and reduces their avenues for gathering foreign intelligence.

Further, neo-Nazis are just one category of extremist motivated by hate. Such extremists span ideological views and spectrums, and some aren't really even classifiable except by their plans and actions. We'd be fools to limit our conception of major internal security threats to neo-Nazis or especially to grant them the privilege of being name the 'biggest' threat.

 

[Biznatch]

Honestly, by asking questions here you out yourself as not being at all qualified as to what would be useful and what would be useless, or why. And I'm not even really talking about what a drones camera records, though that certainly is part of it.



Rather, it's taken you by surprise, but it's really been a problem and a concern for quite some time.

That wasn't a question. The only data they could get from a drone would be GPS location and video, from a hobbyist flying around. What part of that data would be useful enough for this amount of effort..... They don't have to 'war drive' for access points, that data is already available online. And even that is useless. They'd be better off using the IOT search engine to find vulnerable devices and exploiting those.....

And no, it hasn't taken me by surprise because this is nothing but speculation. There is no white paper or any actual facts in the article about it being exploited, just that it COULD happen and we should all be scared of chinese products..... In this scenario, the risk would not be worth the 'award', even if they were streamed all data from your drone in real time...... There are so many IOT devices in peoples lives that have access to FAR more usefull data, I don't understand how were so stuck on this nonsense.


I don't own any DJI products, but there is nothing here that would deter me from buying one. If they back it up with facts showing malicious activity going on then we can revisit the topic. Until then it's just more 'distractions' from what's really going on.

 

[IdiotInCharge]

That wasn't a question. The only data they could get from a drone would be GPS location and video

...and that's why you're not qualified to speak on the subject.

There are so many IOT devices

Yeah, IoT is getting the same scrutiny, of which a drone more or less is a limited example of.

 

[Biznatch]

...and that's why you're not qualified to speak on the subject.



Yeah, IoT is getting the same scrutiny, of which a drone more or less is a limited example of.

Well since you're the expert, then do share what other critical private data the drone has access to that we should be so worried about sending to china? I'll wait....


By definition a drone is not an IoT device.... Not even a limited example.....

 

[mnewxcv]

Well since you're the expert, then do share what other critical private data the drone has access to that we should be so worried about sending to china? I'll wait....


By definition a drone is not an IoT device.... Not even a limited example.....

Dude get out of the thread. You aren't qualified!

 

[FNtastic]

https://gizmodo.com/its-about-to-get-much-more-difficult-to-fly-dji-drones-1834959890

Looks like tracking our aircraft will now be a feature too!

 

[IdiotInCharge]

Well since you're the expert, then do share what other critical private data the drone has access to that we should be so worried about sending to china? I'll wait....

It has programmable radios, and with access to GPS, can perform signals intelligence- with more than one drone, basic triangulation of signals is trivial. The data backhaul for such intelligence is miniscule and thus very easy to obfuscate from interception, and the code to do such can be dispersed within firmware to frustrate or even prevent discovery.

We're not talking about spying on American citizens- that's on the table, but not the real threat. We're talking about consumer drones being used as sigint devices for foreign powers in a very automated fashion with very little warning and very few means to immediately detect.

And this isn't 'let's all hate on Chinese products!'; this is a tacit and public recognition of the vulnerabilities present in relying on such products, and the very real threat that exploitable consumer drones represent.

 

[x509]

Honestly, by asking questions here you out yourself as not being at all qualified as to what would be useful and what would be useless, or why. And I'm not even really talking about what a drones camera records, though that certainly is part of it.


Further, neo-Nazis are just one category of extremist motivated by hate. Such extremists span ideological views and spectrums, and some aren't really even classifiable except by their plans and actions. We'd be fools to limit our conception of major internal security threats to neo-Nazis or especially to grant them the privilege of being name the 'biggest' threat.

OK. Alt-right types in general. White identity types. "Aryans." KKK types. People like that are responsible for 3/4 of the deaths due to domestic terrorism.

 

[IdiotInCharge]

OK. Alt-right types in general. White identity types. "Aryans." KKK types. People like that are responsible for 3/4 of the deaths due to domestic terrorism.

Deaths, perhaps. But the threats are miniscule, and that's what we're talking about. And this is mostly people with mental illnesses acting on hate, or just acting out of their own sociopathic motivations. And we're not talking about a statistically significant number of deaths out of total homicides here.

Given the events of the last century, the growing hatred coming from the left represents a tremendous internal threat. These dynamics are shifting quickly, and extremism needs to be taken seriously.

And yes, foreign powers are trying to throw fuel on that fire, and yes, Chinese technology (to include drones) is a real concern.

 

[k1pp3r]

Well this thread really derailed didn't it? We went from talking about drones to Aryans and KKK

 

[FNtastic]

Well this thread really derailed didn't it? We went from talking about drones to Aryans and KKK

This is all totally Networking & Security related

On a serious note, I'd hope the mods move it to General Mayhem for further discussion, rather than locking it.

 

[purple_monster]

hahaha yes! we brought the circus to town!

 

[/dev/null]

Folks. Get real here about the relevant Chinese laws. I'm not exactly, shall we say, a Trump supporter. But on the overall China trade issues he is right. He is right to take on the issue of intellectual property theft and forced technology transfers. Of course, he is executing that policy with lots and lots of incompetence, and worse. But those issues have been there for many years.

Please, no comments about my politics. As they (used to say) on the old Usenet, "Flames to /dev/null." If you don't know what the usenet was, do a Google search.

Please don't send your flame posts to me

 

[AnIgnorantPerson]

I've been saying this for YEARS on popular drone forums. And I always got the same response....."Tin Foil Hat"...."Paranoid".
Drones made by DJI explicitly and constantly make network connections that lead back to China. Does it take a Phd to figure it out? But the VAST majority of US drone operators are so eager for that next big update feature, they gladly give China all the access it wants. Never once thinking of the bigger picture. Your backyard may not have anything worth hiding from China, but people fly them next to government installations and other sensitive areas daily. The amount of data from drones flowing back to china is staggering

I really don't understand how so many Americans can be so stupid to be quite frank...but they are.

Another BIG threat that's just beginning to be taken seriously is DVR recorders from China. AND Huawei's networking gear poses a similar spying risk.

The naivete of the American people knows no bounds.

The only country more stupid is Germany. They said they will not take part in the "US assault on Chinese technology".

US warns about alleged spying threat from Chinese-made drones

https://www.foxnews.com/tech/us-warns-about-alleged-spying-threat-from-chinese-made-drones

Shouldn't we be more concerned about US blowing up American citizens via drones? (1, 2,...) But I guess it takes a PhD to understand the threat in our backyard and how that violates our inalienable rights?

What about the spying by our own county? Who is a bigger threat to your freedom? China or the US government (Hint its the domestic one). Just look at how many our government kills/imprisons vs China.

Never understood how people can't look at things objectively and globally.

 

[GoldenTiger]

HARD to say that I AM surprisEd with the GIVEN leadership FROM our CURRENT president THAT our own DEVICES ARE CALLING HOME CHINA ! !!! this is JUST more evidence THAT WE NEED A RETURN TO NORMALCY!!! OBAMA DEVICES WOULD NEVER TALK TO CHINA THANK YOU GOD BLESS SEMPI FIDE!!!

You never saw that Russian diplomat video where Obama said he'd have more flexibility for Russia after the election in 2012 did you?

 

[AnIgnorantPerson]

You never saw that Russian diplomat video where Obama said he'd have more flexibility for Russia after the election in 2012 did you?

dude his post was pure sock puppet or trolling...I am hoping trolling. Also, Obama was the first President to start murdering Americans via his signature and Obama phones...just saying.