Inspire 1 - latest firmware security issues...

[Donnie Frank]

Regarding the latest FW update for the Inspire 1, I just read in another thread:

"For increased safety, the flight is restricted to a height of 30 m and distance of 50 m when not connected or logged into the app during flight, including DJI GO and all apps compatible with DJI aircraft."

I don't have permissions to reply in that thread, plus "security" is a topic all its own, so I started this new thread.

One of my aerial "gigs on the table" is explosion forensics. This would be for a Sandia Lab subcontractor located at Kirtland Air Force Base. Needless to say, all footage/photos would be considered classified. Against my recommendation, they purchased their own Inspire 1. Months later, they have yet to actually fly the beast. But I digress...

I discussed with the client my concern that - unless duly addressed - all telemetry data and photos are going to be sent to a server somewhere in China. Needless to say, they were completely unaware. This is yet ANOTHER reason I have capped FW updates to v1.08 (Controller FW v1.6). With the latest FW update, seems the Chinese are now forcing you to share photos and telemetry data under the guise of safety. Hmmmm...

Other possible security measures...

I have 2 iPads. 1 of them I don't share my flight logs with DJI. When I try to view the flight logs, I'm met with a "Sign In" screen. I think it's a safe assumption that, without signing in, I am NOT sharing data. Added security could be - once the GO app is installed - to simply never connect the iPad via WiFi - and clear any cached data. I can use my original "unsecure" iPad to connect to WiFi to manage FW versions on the controllers. I have read that there's a way to downgrade controller FW versions via USB stick, but haven't tried it yet.

Anyone else doing security-sensitive work that you might not want to share with the Chinese? Thoughts?

 

[William Gaddy]

The answer is... don't fly DJI platforms for this stuff. May not be a popular opinion (considering this is a DJI Inspire message board, after all).

 

[PB30X]

Well if we/any were doing Sensitive and Top Secret missions, sure as hell wouldn't be posting here about it[emoji6]! Safe Flying, SKYNET is watching[emoji50]

 

[NickU]

There's a lot of hysteria and FUD around this IMHO.

AFAIK no telemetry or data is shared with the DJI servers *until* you sync the flight logs. So, if you fly and never sync the logs, then they don't get anything. If you do want to sync some of the flight records, then I'm pretty sure you can also delete flights within the flight record screen and doing so before syncing will not upload those flight records to the DJI servers. You can disable caching and voice recording on the tablet, so you can stop those being recorded too. The only thing you can't stop or wipe is the "black-box" flight logger SD Card bonded to the flight controller - you have to dismantle the aircraft to get at that. You can review those records via Assitant, but you can't overwrite them - that only happens when the card itself fills up and the next flight will automatically overwrite the oldest flights as needed for space.

I also think that the latest sign-in requirement on DJI Go is to enforce the DJI Geo fencing and to make sure you have the correct Geo data for the area you are in, with emphasis on China. My guess is that the Chinese authorities have put their foot on DJI's corporate neck (and probably other Chinese drone makers) after a couple of incidents in China last year and over security for the Hong Kong Handover celebrations, and that they've made DJI ensure that their security forces can lockdown areas and catch whoever tries to circumvent their lockdowns in China - I think they've probably had a relatively relaxed view of it until the incident with the guy videoing the aircraft landing, and that that woke (and shook) them up a bit!

Your cell phone and cell phone company has a lot of info about your movements, contacts etc too... pretty much anything we use these days that's electronic leaves a 'footprint' of some sort (That's another reason governments and banks want to do away with cash).

 

[Donnie Frank]

The answer is... don't fly DJI platforms for this stuff. May not be a popular opinion (considering this is a DJI Inspire message board, after all).

Which platform do you suggest? I chose the Inspire 1, v2.0 platform because it has not only become an industry standard, but because of its feature set and rock-solid reliability. If you can suggest a rider-friendly platform with the same track record (flight hours), reliability and feature set, I'm all ears. I'm sure we all are.

 

[Donnie Frank]

Well if we/any were doing Sensitive and Top Secret missions, sure as hell wouldn't be posting here about it[emoji6]! Safe Flying, SKYNET is watching[emoji50]

Nobody posted any sensitive information here. Simply STATING that one is going to fly data-sensitive missions does not a breech-in-security make.

 

[Donnie Frank]

There's a lot of hysteria and FUD around this IMHO.

AFAIK no telemetry or data is shared with the DJI servers *until* you sync the flight logs.

These are my thoughts, as well.

So, if you fly and never sync the logs, then they don't get anything.

While it's reasonable to assume this, my objective is to open a dialog with someone more in-the-know. Either a DJI expert or Mac expert who is more versed in the ins and outs of all this cloud/data/telemetry stuff.

If you do want to sync some of the flight records, then I'm pretty sure you can also delete flights within the flight record screen and doing so before syncing will not upload those flight records to the DJI servers.

With all due respect, being "pretty sure" won't be good enough for my client. I need to be absolutely and sure, and need to present proof by showing what's going on under the hood. While it's easy to turn off the WiFi during flight, I'm not sure if DJI digs its fingers into the data as soon as I reconnect to the iPad Internet. And while it's probably a good assumption that, without a login to DJI, that data is probably NOT being transferred, I simply have no guarantee of that. Too many things go on "under the hood" of this iPad thing. If I were working in the Windows environment, this would be a piece of cake. But it's iOS on an iPad.

You can disable caching and voice recording on the tablet, so you can stop those being recorded too.

LOL...that's funny. Voice recording??? My freakin' iPad is recording my voice??? What/when/why/how does this happen? Thank you for bringing this to my attention. The camera can be easily disabled with a piece of tape. The microphone may require a drop of glue or something. Interesting.

The only thing you can't stop or wipe is the "black-box" flight logger SD Card bonded to the flight controller - you have to dismantle the aircraft to get at that.

I'm aware of the "black box," but it's my understanding that this data can only be retrieved manually by the user. I have read several threads where Inspire pilots had to manually extract this data (via the USB port, I believe), record it and upload it to DJI. If DJI had unfettered access to this data, customers wouldn't have to go through that whole rigamarole.

You can review those records via Assitant, but you can't overwrite them - that only happens when the card itself fills up and the next flight will automatically overwrite the oldest flights as needed for space.

Interesting. I'll read up on this. Thanx for bringing it to my attention. This is EXACTLY why I posted this issue in this forum.

I also think that the latest sign-in requirement on DJI Go is to enforce the DJI Geo fencing and to make sure you have the correct Geo data for the area you are in, with emphasis on China. My guess is that the Chinese authorities have put their foot on DJI's corporate neck (and probably other Chinese drone makers) after a couple of incidents in China last year and over security for the Hong Kong Handover celebrations, and that they've made DJI ensure that their security forces can lockdown areas and catch whoever tries to circumvent their lockdowns in China - I think they've probably had a relatively relaxed view of it until the incident with the guy videoing the aircraft landing, and that that woke (and shook) them up a bit!

Agree with everything you wrote here. The easy work-around is to simply not update your bird past FW v1.08 (controller v1.6). IMHO, this is, by far, the best FW version. I have no plans of updating past this version.

Your cell phone and cell phone company has a lot of info about your movements, contacts etc too...

This is just one reason of MANY why I still use a flip phone. And, unlike the rest of free society, I am NOT married to being in constant contact with the world. Generally speaking, when I know I'm going to be flying for long periods of time (like on a film set), I turn my cell phone OFF. And, unlike these **** smart phones, when it's off, it is OFF. Not "sleeping" or some other subtle permutation of "Off."

pretty much anything we use these days that's electronic leaves a 'footprint' of some sort (That's another reason governments and banks want to do away with cash).

Love the flip phone. I can even remove the battery if I wish.

Thanx for the information and insight you provided here today.

 

[NickU]

While it's reasonable to assume this, my objective is to open a dialog with someone more in-the-know. Either a DJI expert or Mac expert who is more versed in the ins and outs of all this cloud/data/telemetry stuff.

With all due respect, being "pretty sure" won't be good enough for my client. I need to be absolutely and sure, and need to present proof by showing what's going on under the hood. While it's easy to turn off the WiFi during flight, I'm not sure if DJI digs its fingers into the data as soon as I reconnect to the iPad Internet. And while it's probably a good assumption that, without a login to DJI, that data is probably NOT being transferred, I simply have no guarantee of that. Too many things go on "under the hood" of this iPad thing. If I were working in the Windows environment, this would be a piece of cake. But it's iOS on an iPad.

Easy enough, go use Airdata and try and sync the flight logs without them first being synced with DJI, you won't see the flight logs appear in airdata until you've synced them with dji.

If you really want to be sure, then go hire someone with a packet sniffer and monitor the wifi connection from your tablet to either your wifi or cell net, they can see and collect the data packets from the tablet, and then analyse them for you.

The size of the flight logs, if they were automatically sync'd as soon as the tablet got a net connection , then there'd be a ton of people complaining loudly about DJI Go busting their data allowances on their mobile contracts.... I've yet to hear that one on the interwebs

LOL...that's funny. Voice recording??? My freakin' iPad is recording my voice??? What/when/why/how does this happen? Thank you for bringing this to my attention. The camera can be easily disabled with a piece of tape. The microphone may require a drop of glue or something. Interesting.

It was introduced a couple of versions of DJI Go ago. Not sure if it's Go 4 only or if it's in Go 3 too. It records using the tablet mic, there's a software toggle switch in one of the settings pages that disables the feature, somewhere round the caching options I think. It's there for the internet youngsters that like to use DJI Go editor to record and publish their lives . It could actually be slightly useful to allow you to record the sound onto the low res 720/1080p downlink video to help you sync the drone footage in post later if you where filming someone with speaking parts (over the drone noise ).

I'm aware of the "black box," but it's my understanding that this data can only be retrieved manually by the user. I have read several threads where Inspire pilots had to manually extract this data (via the USB port, I believe), record it and upload it to DJI. If DJI had unfettered access to this data, customers wouldn't have to go through that whole rigamarole.

No DJI don't have unfettered access to it, but anyone that has physical access to the drone does. Could be an issue for some people/customers. I'm aware law enforcement have used it in 'forensics' in the UK to help convict someone flying contraband into prisons.

Interesting. I'll read up on this. Thanx for bringing it to my attention. This is EXACTLY why I posted this issue in this forum.

It's basically a FIFO recorder... first in, first out. The SD Card is glued into the carrier on the aircraft controller.

This is just one reason of MANY why I still use a flip phone. And, unlike the rest of free society, I am NOT married to being in constant contact with the world. Generally speaking, when I know I'm going to be flying for long periods of time (like on a film set), I turn my cell phone OFF. And, unlike these **** smart phones, when it's off, it is OFF. Not "sleeping" or some other subtle permutation of "Off."

Love the flip phone. I can even remove the battery if I wish.

The cells you travel through still triangulate you, up until you power it down, then you're off system. You still leave a trail of other records via number plate recognition, passenger flight records, credit/debit card use, CCTV, e-mail contacts before/after an event. The trail of insignificant (only on their own!) breadcrumbs is hard to avoid these days. Given enough of the crumbs, someone can put together a pretty accurate guess of what you're up to

Thanx for the information and insight you provided here today.

You're welcome. If you're not familiar with 1984 and Brazil, then go check out Terry Gilliam's movie 'Brazil', it's a black humour take on Orwell's 1984.... but it's scary how many parallels there are with modern life!

 

[The Editor]

Regarding the latest FW update for the Inspire 1, I just read in another thread:

"For increased safety, the flight is restricted to a height of 30 m and distance of 50 m when not connected or logged into the app during flight, including DJI GO and all apps compatible with DJI aircraft."

I don't have permissions to reply in that thread, plus "security" is a topic all its own, so I started this new thread.

One of my aerial "gigs on the table" is explosion forensics. This would be for a Sandia Lab subcontractor located at Kirtland Air Force Base. Needless to say, all footage/photos would be considered classified. Against my recommendation, they purchased their own Inspire 1. Months later, they have yet to actually fly the beast. But I digress...

I discussed with the client my concern that - unless duly addressed - all telemetry data and photos are going to be sent to a server somewhere in China. Needless to say, they were completely unaware. This is yet ANOTHER reason I have capped FW updates to v1.08 (Controller FW v1.6). With the latest FW update, seems the Chinese are now forcing you to share photos and telemetry data under the guise of safety. Hmmmm...

Other possible security measures...

I have 2 iPads. 1 of them I don't share my flight logs with DJI. When I try to view the flight logs, I'm met with a "Sign In" screen. I think it's a safe assumption that, without signing in, I am NOT sharing data. Added security could be - once the GO app is installed - to simply never connect the iPad via WiFi - and clear any cached data. I can use my original "unsecure" iPad to connect to WiFi to manage FW versions on the controllers. I have read that there's a way to downgrade controller FW versions via USB stick, but haven't tried it yet.

Anyone else doing security-sensitive work that you might not want to share with the Chinese? Thoughts?

The latest (as well as more recent) firmware has nothing more to do with it than previous app versions.
The DJI Go app (and Go 4) has been reporting back to DJI pretty much from day one. It is doing this behind the scenes and you agreed to this when you clicked the EULA.
This has been discussed previously as well.
DJI Go App and Your Privacy

Additionally....These are all the connections the app make, or attempts to (outside of those you need for maps).

•mydjiflight.dji.com
•newrelic.com - app analytics
•djistatic.com
•flurry.com - Mobile analytics company
•conf.international.baidu.com
•baidu.com
•qbox.me (via qbox.wscdns.com) •upgrade.dj2006.net
•pingma.qq.com
•u.dji.com
•acbe.aasky.net -type this one in a browser for a nice scare.
•tpns.qq.com
•dds.dji.com
•pilotv2.djivideos.com
•active.dji.com
•m.dji.com
•djicdn.com
•www.skypixel.com
•djiexplore.com
•flysafe-api.dji.com

It's very simple. If you are unhappy about what is being reported back then fly a non DJI platform.

As an aside, I would be very surprised if any commercial activity within an explosive environment would not require the UAV to be ATEX certified (which none of the DJI platforms are). This is to ensure there are no ignition sources that could potentially come from any part of the aircraft.
I'm guessing explosive forensics will require flights in some volatile environments? Anything DJI would not be suitable.

 

[Donnie Frank]

The latest (as well as more recent) firmware has nothing more to do with it than previous app versions.
The DJI Go app (and Go 4) has been reporting back to DJI pretty much from day one. It is doing this behind the scenes and you agreed to this when you clicked the EULA.
This has been discussed previously as well.
DJI Go App and Your Privacy

Additionally....These are all the connections the app make, or attempts to (outside of those you need for maps).

•mydjiflight.dji.com
•newrelic.com - app analytics
•djistatic.com
•flurry.com - Mobile analytics company
•conf.international.baidu.com
•baidu.com
•qbox.me (via qbox.wscdns.com) •upgrade.dj2006.net
•pingma.qq.com
•u.dji.com
•acbe.aasky.net -type this one in a browser for a nice scare.
•tpns.qq.com
•dds.dji.com
•pilotv2.djivideos.com
•active.dji.com
•m.dji.com
•djicdn.com
•www.skypixel.com
•djiexplore.com
•flysafe-api.dji.com

It's very simple. If you are unhappy about what is being reported back then fly a non DJI platform.

The explosion forensics company in question purchased the Inspire 1. They haven't flown it yet. I assume they made their choice based on much research. These are NOT stupid people. They came to me with questions about the Inspire. This forum is layer one of a multi-layer research regimen. I appreciate the information you provided.

As an aside, I would be very surprised if any commercial activity within an explosive environment would not require the UAV to be ATEX certified (which none of the DJI platforms are). This is to ensure there are no ignition sources that could potentially come from any part of the aircraft.
I'm guessing explosive forensics will require flights in some volatile environments? Anything DJI would not be suitable.

Based on their purchase choice, I can only assume they have either ATEX certified the Inspire or don't care about ATEX certification. They're not igniting volatile gases. They're detonating conventional ordnance under ground and occasionally conducting missile forensics. The drone will probably come into play for the former for "before" and "after" shots of the affected area (photogrammetry and/or ortho photography). For real-time forensics, they're talking about flying high-speed Phantom cameras (no relation to DJI Phantoms) in the not-too-distant future, which will require a heavy lifter. All of this is very much in the planning stages. My research here is just the tip of the iceberg.

My next mission may be to either find a third-party telemetry app for the Inspire, or a hack to shut off all the file sharing crap. They already own an Inspire 1. So, for the moment, we're moving forward with that platform. We'll see where my research takes me.

Thanx, again, for your help.

 

[NickU]

Simply buy a wifi only iPad/tablet, install DJI Go on it, set it up with a sacrificial user ID, sign in once to remove any geo-fence limits, then remove the wifi connection from the iPad/tablet. After that, fly with the air-gapped system and never resync or reconnect with the network. That way it can never send anything outbound. You could probably set up a tablet provisioning system that would wipe/install a fresh image each time.

If you need to update, then use another iPad or first wipe and reinstall everything afresh.

 

[Donnie Frank]

Simply buy a wifi only iPad/tablet, install DJI Go on it, set it up with a sacrificial user ID, sign in once to remove any geo-fence limits, then remove the wifi connection from the iPad/tablet. After that, fly with the air-gapped system and never resync or reconnect with the network. That way it can never send anything outbound. You could probably set up a tablet provisioning system that would wipe/install a fresh image each time.

If you need to update, then use another iPad or first wipe and reinstall everything afresh.

I thought about purchasing a "sacrificial lamb" iPad. That sounds like a good idea and probably the best, most secure option.