Finally! Dept of Homeland Security Issues DRONE Warning

Discussion in 'Networking & Security' started by Barometer, May 21, 2019.

  1. Barometer

    Barometer [H]Lite

    Messages:
    88
    Joined:
    Mar 25, 2012
    I've been saying this for YEARS on popular drone forums. And I always got the same response....."Tin Foil Hat"...."Paranoid".
    Drones made by DJI explicitly and constantly make network connections that lead back to China. Does it take a PhD to figure it out? But the VAST majority of US drone operators are so eager for that next big update feature, they gladly give China all the access it wants. Never once thinking of the bigger picture. Your backyard may not have anything worth hiding from China, but people fly them next to government installations and other sensitive areas daily. The amount of data from drones flowing back to China is staggering.

    I really don't understand how so many Americans can be so stupid to be quite frank...but they are.

    Another BIG threat that's just beginning to be taken seriously is DVR recorders from China. AND Huawei's networking gear poses a similar spying risk.

    The naivete of the American people knows no bounds.

    The only country more stupid is Germany. They said they will not take part in the "US assault on Chinese technology".

    US warns about alleged spying threat from Chinese-made drones

    https://www.foxnews.com/tech/us-warns-about-alleged-spying-threat-from-chinese-made-drones
     
    Last edited: May 21, 2019
    GoldenTiger, rageFIST and Farva like this.
  2. Zuul

    Zuul Gawd

    Messages:
    838
    Joined:
    Jan 7, 2013
    Why the fuck does a quadcopter have network connectivity in the first place?
     
  3. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    9,865
    Joined:
    Jun 13, 2003
    To control it?
     
    Ocellaris likes this.
  4. FNtastic

    FNtastic [H]ard|Gawd

    Messages:
    1,346
    Joined:
    Jul 6, 2013
    I'd be interested to see any independent studies done by security experts that show what information is being sent back.

    While I'm personally on the side of taking caution with anything that has network connectivity, I'm also cautious to trust something simply because it's on a major news network. There's too much politics in any of the large networks anymore. This could be a move to simply ban Chinese imports. He's had it out for China since before he was elected. Makes me suspicious that he has a friend, or some other company, that's lining his pockets to get their phones/tech into our market. And, the Chinese market was just too dominant. Playing devil's advocate here...
     
    Silentbob343 and KATEKATEKATE like this.
  5. Biznatch

    Biznatch 2[H]4U

    Messages:
    2,210
    Joined:
    Nov 16, 2009

    No.....
     
  6. x509

    x509 [H]ard|Gawd

    Messages:
    1,694
    Joined:
    Sep 20, 2009
    Folks. Get real here about the relevant Chinese laws. I'm not exactly, shall we say, a Trump supporter. But on the overall China trade issues he is right. He is right to take on the issue of intellectual property theft and forced technology transfers. Of course, he is executing that policy with lots and lots of incompetence, and worse. But those issues have been there for many years.

    Please, no comments about my politics. As they (used to) say on the old Usenet, "Flames to /dev/null." If you don't know what Usenet was, do a Google search.
     
    mwarps, auntjemima and GoldenTiger like this.
  7. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    9,865
    Joined:
    Jun 13, 2003
    Drone uses a network connection to talk to your phone as controller --> app on your phone can do whatever it wants with drone data. Really can't see how this is hard to understand.

    No, it may or may not be happening. Fun part? It's only one app update / firmware update away, from a company in China that exists at the pleasure of The Party. Yes, if it were a US company, the same would apply to the USG. No, that doesn't make it better- USG surveillance in the US is assumed. Chinese technology that has a direct line to China doesn't mean that the USG cannot access it, but that both the USG and China can access it, largely at will.

    So yes, for every nation that isn't China, this is a concern.
     
    GoldenTiger likes this.
  8. Biznatch

    Biznatch 2[H]4U

    Messages:
    2,210
    Joined:
    Nov 16, 2009

    Using your phone over wifi is basically the worst option for FPV on the DJIs and I doubt very many people are using that..... Neither the remote nor FPV goggles use wifi for the connection and offer longer range and higher resolution.... So the WH-run DHS has you scared about something that might/could happen with a firmware update (which would also have to make it into the Apple/Play store), on a feature almost no one uses with these drones...... I'm sure it has nothing to do with the 'national emergency' that has nothing to do with the dumb escalating/failing trade war.....
     
  9. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    9,865
    Joined:
    Jun 13, 2003
    You're making quite a few assumptions. I'd suggest that you avoid doing so.

    Addressing the topic, the drone has a WiFi radio among others. The phone has apps and a stack of radios. Any and all of these can be used for signals interception; with multiple drones, they could be used for signals triangulation.

    Note that I'm not saying drones are being used this way or that they most definitely will be used this way, just that having the technology in place as it is presents an exploitable vulnerability.
     
    GoldenTiger likes this.
  10. thebufenator

    thebufenator [H]ard|Gawd

    Messages:
    1,110
    Joined:
    Dec 8, 2004
    Biznatch, stop being obtuse just because you don't like the White House. tds.....

    Chinese companies engage in spying and theft. That's what they do. It's completely logical that a friggin drone that calls back to its mfg in China could be a threat.

    WE ALSO USE DRONES FOR SPYING.
     
    GoldenTiger likes this.
  11. k1pp3r

    k1pp3r [H]ardness Supreme

    Messages:
    7,828
    Joined:
    Jun 16, 2004
    Most DJI's are not FPV. Most are made for photography or stable flight, not fpv flying.

    I have seen a lot of DJI's that connect to iPads or phones over a wifi connection for the video stream while the controller uses a normal 2.4 GHz radio.

    No my Vortex FPV drone uses totally different tech than the DJI drones and does not connect to anything over wifi.
     
  12. Eickst

    Eickst [H]ard|Gawd

    Messages:
    1,819
    Joined:
    Aug 24, 2005
    Why does China need a backdoor for this when everyone posts their drone footage on Facebook and YouTube? It's all publicly accessible most of the time anyway.
     
    Silentbob343 likes this.
  13. Rifter0876

    Rifter0876 [H]Lite

    Messages:
    108
    Joined:
    Nov 1, 2017
    Not surprised. So much tech calls home to China it's insane, the fact that no one is worried about this just shows how ignorant the general population is regarding security.

    On my local network I employ both a Pi-hole DNS server to eliminate many ads and malware/spyware related sites/IPs as well as geofiltering on my router; I have blocked all China and Russian IPs.

    One look at my log files will tell you that there is A LOT of traffic being blocked trying to call home to China from various IoT devices, even my freaking TVs are trying to call home to China.

    So personally not only do I believe this article but I'm shocked more people didn't already assume this was happening, I sure did.
     
    GoldenTiger likes this.
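
Added example, not part of any post in this thread: one way to turn the kind of Pi-hole log review described in the post above into a per-device tally of blocked lookups. The log lines are a constructed sample in the dnsmasq style Pi-hole writes (the exact wording of the "blocked" lines is an assumption and differs between versions); the domains, addresses and function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log (assumed dnsmasq/Pi-hole line format).
# Domains use the reserved .example TLD; client addresses are made up.
SAMPLE_LOG = """\
May 21 10:15:01 dnsmasq[812]: query[A] telemetry.tv-vendor.example from 192.168.1.50
May 21 10:15:01 dnsmasq[812]: gravity blocked telemetry.tv-vendor.example is 0.0.0.0
May 21 10:15:04 dnsmasq[812]: query[A] www.example.org from 192.168.1.20
May 21 10:15:04 dnsmasq[812]: forwarded www.example.org to 9.9.9.9
May 21 10:15:04 dnsmasq[812]: reply www.example.org is 203.0.113.10
May 21 10:16:01 dnsmasq[812]: query[A] telemetry.tv-vendor.example from 192.168.1.50
May 21 10:16:01 dnsmasq[812]: gravity blocked telemetry.tv-vendor.example is 0.0.0.0
May 21 10:16:30 dnsmasq[812]: query[AAAA] log.cam-vendor.example from 192.168.1.61
May 21 10:16:30 dnsmasq[812]: gravity blocked log.cam-vendor.example is ::
May 21 10:17:02 dnsmasq[812]: query[A] update.cam-vendor.example from 192.168.1.61
May 21 10:17:02 dnsmasq[812]: regex blacklisted update.cam-vendor.example is 0.0.0.0
May 21 10:17:40 dnsmasq[812]: query[A] telemetry.tv-vendor.example from 192.168.1.50
May 21 10:17:40 dnsmasq[812]: gravity blocked telemetry.tv-vendor.example is 0.0.0.0
"""

QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[\w+\] (?P<domain>\S+) from (?P<client>\S+)$"
)
BLOCK_RE = re.compile(
    r"dnsmasq\[\d+\]: (?:gravity blocked|exactly blacklisted|regex blacklisted) "
    r"(?P<domain>\S+) is \S+$"
)


def summarize_blocked(log_text):
    """Return {client_ip: Counter({domain: blocked_count})}.

    A blocked line does not name the client, so it is attributed to the
    most recent client that queried the same domain. Two devices asking
    for the same name at the same instant can therefore be mixed up.
    """
    last_client = {}
    per_client = defaultdict(Counter)
    for line in log_text.splitlines():
        line = line.rstrip()
        m = QUERY_RE.search(line)
        if m:
            last_client[m["domain"]] = m["client"]
            continue
        m = BLOCK_RE.search(line)
        if m:
            client = last_client.get(m["domain"], "unknown")
            per_client[client][m["domain"]] += 1
    return per_client


def top_clients(per_client):
    """Clients ordered by total blocked lookups, busiest first."""
    totals = [(c, sum(doms.values())) for c, doms in per_client.items()]
    return sorted(totals, key=lambda t: (-t[1], t[0]))


def repeated_lookups(per_client, min_hits=3):
    """(client, domain, count) for names a device keeps retrying."""
    return sorted(
        (c, dom, n)
        for c, doms in per_client.items()
        for dom, n in doms.items()
        if n >= min_hits
    )


if __name__ == "__main__":
    summary = summarize_blocked(SAMPLE_LOG)
    for client, total in top_clients(summary):
        print(client, total, dict(summary[client]))
    print("repeated:", repeated_lookups(summary))
```

A blocked DNS lookup shows only that a device asked for a name, not what it would have sent; seeing the payload takes a packet capture.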
  14. thebufenator

    thebufenator [H]ard|Gawd

    Messages:
    1,110
    Joined:
    Dec 8, 2004
    No no man, Orange Man Bad, and everything his administration does is bad :ROFLMAO:
     
    GoldenTiger likes this.
  15. Biznatch

    Biznatch 2[H]4U

    Messages:
    2,210
    Joined:
    Nov 16, 2009
    Just having a Wifi radio doesn't mean anything.... It would have to connect to a device that can act as a proxy giving it internet access to do anything. The app could 'potentially' do that, but it has to be vetted by Google/Apple to get in the store. Plus there are teams of security people that love to analyze apps to see if they are doing stuff like this. Plus the drones have GPS already, so I have no idea wtf you're talking about with triangulation..... And what possible use could they have for that data even if they were sending it?


    Yes, China has a history of IP theft. A lot of that is self-inflicted by companies moving their manufacturing to a country with no IP laws to cut costs. Neither of those are relevant to the factless fear mongering this thread is about.

    And we use MILITARY drones for 'spying'. Again, irrelevant to the topic.

    tds? People that say that are typically the most uninformed. The only thing I'll say about this is you should get out of your echo chamber and expand your sources.




    Yes, but this goes back to the app that should be vetted for things like this, with explicit permissions the user agrees to when installing. What do the TOS say about the app sending data back to DJI? What kind of data are they sending (if any)? Again, this would be easy for a security engineer to confirm if this was happening.
     
  16. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    9,865
    Joined:
    Jun 13, 2003
    Your response implies the assumption that perhaps their WiFi radios would behave similarly to ones in phones and laptops and so on. Stop assuming. They'd be able to utilize any unprotected or poorly protected networks for whichever purpose without another device.

    Now, the 'app' can obviously be exploited, but I was very specific above as to what type of exploit I was talking about, and the subject is what the app does with drone data. The app may be limited as to what it can do with other data on the phone, but it owns drone data, and that can be spirited off in a myriad of ways that while likely detectable, may not be detected until it's 'too late'.

    With triangulation, I'm talking about one or more drones using their GPS receivers and other radios to locate and potentially eavesdrop on other things. Like the 'war driving' of old, consumer drones could be used to build a map of signals and locations.

    The issue that you are failing to recognize here is that these companies are quite knowledgeable about the process that their apps go through and what may and may not be discovered that's outside of the boundaries that Google sets.

    This isn't so much of an issue today as it is the potential for exploits to be designed to bypass review and discovery, if even for a short period of time, for a strategic purpose.
     
  17. k1pp3r

    k1pp3r [H]ardness Supreme

    Messages:
    7,828
    Joined:
    Jun 16, 2004
    They are vetted, and the app is likely doing exactly what they want it to do.
     
  18. Biznatch

    Biznatch 2[H]4U

    Messages:
    2,210
    Joined:
    Nov 16, 2009
    All of that is a lot of work for data that would be almost useless to them... There are better/easier ways to get more useful data than hoping the drone will be close enough (<300') to an unsecured hotspot to send GPS data and pictures of a hobbyist flying in a park.... Or risking getting their app pulled from all app stores due to it scraping/sending data it wasn't supposed to....


    All I'm saying is this is all speculation that is blown WAY out of proportion, and the timing of the announcement is even more suspect. I'm a devops engineer at a software development company and do plenty of security/network engineering. I'm well aware of the risk of shit calling home, and only allow specific devices/outbound traffic on my home network. I don't trust any of the IOT devices, but the 'information' in this article doesn't worry me. There are too many holes/speculation about what could happen over data that would be mostly useless/easier to obtain through other means.
     
  19. thebufenator

    thebufenator [H]ard|Gawd

    Messages:
    1,110
    Joined:
    Dec 8, 2004



    You are the one who blamed this on Trump and your dislike of his policies :ROFLMAO:
     
    GoldenTiger likes this.
  20. purple_monster

    purple_monster Limp Gawd

    Messages:
    378
    Joined:
    Jun 1, 2018
    HARD to say that I AM surprisEd with the GIVEN leadership FROM our CURRENT president THAT our own DEVICES ARE CALLING HOME CHINA ! !!! this is JUST more evidence THAT WE NEED A RETURN TO NORMALCY!!! OBAMA DEVICES WOULD NEVER TALK TO CHINA THANK YOU GOD BLESS SEMPI FIDE!!!
     
  21. Biznatch

    Biznatch 2[H]4U

    Messages:
    2,210
    Joined:
    Nov 16, 2009
    Just pointing out some facts that should be obvious to anyone paying attention. But I'm not saying anymore on that topic.
     
  22. mnewxcv

    mnewxcv [H]ardness Supreme

    Messages:
    6,333
    Joined:
    Mar 4, 2007
    This thread makes it seem like China is the biggest threat to the people of the United States. Ha.
     
  23. x509

    x509 [H]ard|Gawd

    Messages:
    1,694
    Joined:
    Sep 20, 2009
    The biggest foreign economic threat. The biggest external security threat is clearly Russia. The biggest internal security threat is the neo-Nazis and their ilk.
     
  24. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    9,865
    Joined:
    Jun 13, 2003
    Honestly, by asking questions here you out yourself as not being at all qualified as to what would be useful and what would be useless, or why. And I'm not even really talking about what a drone's camera records, though that certainly is part of it.

    Rather, it's taken you by surprise, but it's really been a problem and a concern for quite some time.

    To expand:

    Well, China is the biggest foreign economic threat today, but this brouhaha isn't just about today. Russia is a declining military power that is also a declining economic power and a declining (or stagnating) technology hub. Aside from their immediate military threat, they're expected to fall further and further behind. Putin running the show has pretty much gotten them technologically isolated.

    But China- while their growth may be slowing, they're not going to stop growing any time soon, and most of their technology is second only to what is available to the US / Korea / Japan. Much of what they really lack technologically is know-how, and that doesn't come quickly. Having the specifications for the F-35, for example, does not allow them to build one. They still buy Russian aircraft despite operating their own assembly lines that produce copies of said aircraft. They still buy jet engines for their indigenous airliners from US companies. Their own are... trash. But unlike Russia, with similarly high geopolitical aspirations, China actually has the capacity to make real headway, and with respect to their love / hate relationship with the US, they need intelligence. Denying them US technology stunts both their geopolitical progress and reduces their avenues for gathering foreign intelligence.

    Further, neo-Nazis are just one category of extremist motivated by hate. Such extremists span ideological views and spectrums, and some aren't really even classifiable except by their plans and actions. We'd be fools to limit our conception of major internal security threats to neo-Nazis or especially to grant them the privilege of being named the 'biggest' threat.
     
    GoldenTiger and Machupo like this.
  25. Biznatch

    Biznatch 2[H]4U

    Messages:
    2,210
    Joined:
    Nov 16, 2009

    That wasn't a question. The only data they could get from a drone would be GPS location and video, from a hobbyist flying around. What part of that data would be useful enough for this amount of effort..... They don't have to 'war drive' for access points, that data is already available online. And even that is useless. They'd be better off using the IOT search engine to find vulnerable devices and exploiting those.....

    And no, it hasn't taken me by surprise because this is nothing but speculation. There is no white paper or any actual facts in the article about it being exploited, just that it COULD happen and we should all be scared of Chinese products..... In this scenario, the risk would not be worth the 'award', even if they were streamed all data from your drone in real time...... There are so many IOT devices in people's lives that have access to FAR more useful data, I don't understand how we're so stuck on this nonsense.


    I don't own any DJI products, but there is nothing here that would deter me from buying one. If they back it up with facts showing malicious activity going on then we can revisit the topic. Until then it's just more 'distractions' from what's really going on.
     
  26. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    9,865
    Joined:
    Jun 13, 2003
    ...and that's why you're not qualified to speak on the subject.

    Yeah, IoT is getting the same scrutiny, of which a drone more or less is a limited example of.
     
    GoldenTiger likes this.
  27. Biznatch

    Biznatch 2[H]4U

    Messages:
    2,210
    Joined:
    Nov 16, 2009

    Well since you're the expert, then do share what other critical private data the drone has access to that we should be so worried about sending to China? I'll wait....


    By definition a drone is not an IoT device.... Not even a limited example.....
     
  28. mnewxcv

    mnewxcv [H]ardness Supreme

    Messages:
    6,333
    Joined:
    Mar 4, 2007
    Dude get out of the thread. You aren't qualified! :p
     
  29. FNtastic

    FNtastic [H]ard|Gawd

    Messages:
    1,346
    Joined:
    Jul 6, 2013
  30. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    9,865
    Joined:
    Jun 13, 2003
    It has programmable radios, and with access to GPS, can perform signals intelligence- with more than one drone, basic triangulation of signals is trivial. The data backhaul for such intelligence is minuscule and thus very easy to obfuscate from interception, and the code to do such can be dispersed within firmware to frustrate or even prevent discovery.

    We're not talking about spying on American citizens- that's on the table, but not the real threat. We're talking about consumer drones being used as sigint devices for foreign powers in a very automated fashion with very little warning and very few means to immediately detect.

    And this isn't 'let's all hate on Chinese products!'; this is a tacit and public recognition of the vulnerabilities present in relying on such products, and the very real threat that exploitable consumer drones represent.
     
    GoldenTiger and Machupo like this.
  31. x509

    x509 [H]ard|Gawd

    Messages:
    1,694
    Joined:
    Sep 20, 2009
    OK. Alt-right types in general. White identity types. "Aryans." KKK types. People like that are responsible for 3/4 of the deaths due to domestic terrorism.
     
  32. IdiotInCharge

    IdiotInCharge [H]ardForum Junkie

    Messages:
    9,865
    Joined:
    Jun 13, 2003
    Deaths, perhaps. But the threats are minuscule, and that's what we're talking about. And this is mostly people with mental illnesses acting on hate, or just acting out of their own sociopathic motivations. And we're not talking about a statistically significant number of deaths out of total homicides here.

    Given the events of the last century, the growing hatred coming from the left represents a tremendous internal threat. These dynamics are shifting quickly, and extremism needs to be taken seriously.

    And yes, foreign powers are trying to throw fuel on that fire, and yes, Chinese technology (to include drones) is a real concern.
     
    GoldenTiger likes this.
  33. k1pp3r

    k1pp3r [H]ardness Supreme

    Messages:
    7,828
    Joined:
    Jun 16, 2004
    Well this thread really derailed didn't it? We went from talking about drones to Aryans and KKK
     
    thebufenator likes this.
  34. FNtastic

    FNtastic [H]ard|Gawd

    Messages:
    1,346
    Joined:
    Jul 6, 2013
    This is all totally Networking & Security related :ROFLMAO:

    On a serious note, I'd hope the mods move it to General Mayhem for further discussion, rather than locking it.
     
    thebufenator likes this.
  35. purple_monster

    purple_monster Limp Gawd

    Messages:
    378
    Joined:
    Jun 1, 2018
    hahaha yes! we brought the circus to town!
     
    mwarps likes this.
  36. /dev/null

    /dev/null [H]ardForum Junkie

    Messages:
    13,931
    Joined:
    Mar 31, 2001
    Please don't send your flame posts to me :ROFLMAO::sick:(y)
     
  37. AnIgnorantPerson

    AnIgnorantPerson Limp Gawd

    Messages:
    146
    Joined:
    Jan 10, 2019
    Shouldn't we be more concerned about US blowing up American citizens via drones? (1, 2,...) But I guess it takes a PhD to understand the threat in our backyard and how that violates our inalienable rights?

    What about the spying by our own country? Who is a bigger threat to your freedom? China or the US government (Hint: it's the domestic one). Just look at how many our government kills/imprisons vs China.

    Never understood how people can't look at things objectively and globally.
     
  38. Alienslare

    Alienslare [H]Lite

    Messages:
    123
    Joined:
    Jan 23, 2016
    Not America but almost every country to which they export has a threat. I can't say much on this forum because it's not the right place to discuss vulnerable issues. But I will add this to your knowledge that China takes keen interest in your interest, especially your resources.
    It's not just from technological resources but our stupidity as well.
     
  39. GoldenTiger

    GoldenTiger [H]ard as it Gets

    Messages:
    18,477
    Joined:
    Dec 2, 2004
    You never saw that Russian diplomat video where Obama said he'd have more flexibility for Russia after the election in 2012 did you?
     
    AnIgnorantPerson likes this.
  40. AnIgnorantPerson

    AnIgnorantPerson Limp Gawd

    Messages:
    146
    Joined:
    Jan 10, 2019
    dude his post was pure sock puppet or trolling...I am hoping trolling. Also, Obama was the first President to start murdering Americans via his signature and Obama phones...just saying.