SOURCE / COMPANIES
DJI responds alleged security weakness ‘hypothetical,’ unexploited
Published: Jul 27, 2020 02:38 PM

A drone sows rice seeds in Shuikou Township of Kaiping, south China's Guangdong Province, Feb. 26, 2020. A demonstration field project, a cooperation between Chinese drone maker DJI and a local agricultural cooperative, started sowing operation on Wednesday with the help of drones. (Xinhua/Mao Siqian)



 Chinese drone maker DJI said safety weaknesses allegedly affecting hundreds of thousands of customers across the world are typical software concerns and there is no evidence showing they have been exploited, the company told the Global Times on Monday, responding to recent research reports. 

The safety weaknesses in question were reported by researchers from cybersecurity firms Synacktiv and Grimm, one based in France and the other in the US. 

The reports claim the Android version of the popular DJI Go 4 app, which allows users to control their drones, collects large amounts of user data that could be exploited by the government. 

The app has been downloaded more than 1 million times from Google Play and, according to Synacktiv and Grimm, the information collected by DJI can be updated without review from Google, potentially violating Google's terms of services. 

However, a source close to the matter told the Global Times that the reports were baseless and a sign that the US is attacking China by hitting Chinese tech companies. 

According to information DJI sent to the Global Times, the company is only providing additional APK updates and download services to users without access to Google Play, and is not intentionally violating Google's terms of services. 

DJI also said the reported software vulnerability is only "hypothetical" and the reports contained nothing relating to or contradicting previous reports from the US Department of Homeland Security, which found no evidence of any unexpected data transmission from the apps designed for government and professional customers. 

In its statement, the company said the app's update function, which Synacktiv and Grimm see as a violation of security terms, serves an important safety role in mitigating the use of hacked apps that seek to override geofencing or altitude limitation features, so that the safety features in the users' drones cannot be overridden by any hacked version. 

Global Times