October 18, 2022
A new Cybernews report has found that 80,000 drone IDs were exposed in a data leak after a database containing information from dozens of airspace monitoring devices made by DJI was left accessible to the public. We summarise their findings below…
The Cybernews research team found the database on July 11. In the database they found over 90 million entries of drone-monitoring logs created by more than 60 DJI AeroScope devices. The majority of them were located in the US. It is worth noting that DJI is the largest manufacturer of both drones and the devices that surveil them. AeroScope devices can identify the vast majority of popular drones on the market today.
Why this DJI leak is concerning
Aras Nazarovas, a Cybernews researcher, said that this was particularly concerning: “For people who launch drones in their backyards, there is an added danger of revealing their address, and the fact that they are rich enough to have a DJI drone…and you can see which drone they have.”
The information kept in these logs includes a drone’s position, model and serial number, the position of the drone’s pilot, and home location (usually the point of take-off). No personally identifiable information (PII) was present in the dataset.
DJI has previously said that: “From temporary events like festivals, government events, and major sporting events to fixed sites like airports, prisons, and nuclear power plants, AeroScope is a simple, robust technical solution to provide immediate information about DJI drones in the area – from their flight paths to their pilot locations to their serial numbers.” DJI recently shared that it was used to police the no-fly zone around this year’s Cannes Film Festival.
The company has recently been mired in political controversies. Not to mention that it is already in hot water in the US. Ukraine’s Vice Prime Minister has accused DJI of “allowing Russia to freely use DJI devices, including AeroScope, on Ukrainian soil”. Earlier this month, the US Defense Department added DJI to a list of Chinese entities it believes are connected to the Chinese military. In 2021, the Biden administration blacklisted it for its alleged involvement in the surveillance of the Uyghur Muslim minority in China.
Find the full report here: DJI drone tracking data exposed in US | Cybernews
Featured image credit: Jared Brashier via Unsplash.