DJI has responded to recent publicity surrounding the hacking of its drones with a firmware update.
It’s no revelation that the Chinese manufacturer has been targeted by hackers in recent weeks. Many are looking to bypass the Geo system that grounds pilots in predetermined no-fly zones and places an altitude limit on flights. Equally, many are revelling in the challenge of taking on the industry leader, actively protesting against the perceived injustice of Geo and highlighting the company’s security flaws in the most public way possible.
Today, DJI has claimed that “a recent firmware update issued for all DJI drones fixes reported issues and ensures DJI’s products continue to provide information and features supporting safe flight.”
So should we take it to mean that this is the end of the DIY DJI hack scene? Somehow, we doubt it’s going to be that simple.
Indeed, the statement continues:
DJI will continue to investigate additional reports of unauthorized modifications and issue software updates to address them without further announcement. Unauthorized modifications to the hardware or software of DJI drones may negatively affect their performance. Any damage or malfunction caused by such modifications will not be covered under DJI warranty policies.
In a Motherboard article a matter of days ago, DJI was quoted as saying that it would “issue software updates to address them [hackers] without further announcement.” A few weeks later, here we are with a further announcement. So what’s changed?
Speaking to DroneLife, DJI suggested that the timing of the statement was more about clarification, and that although similar comments had been made to individual publications in the past, “we realized it needed a home on the website so we could refer to it and link to it.”
Hackers raise questions over liability and warranties
It also seems as though it’s starting to dawn on DJI headquarters that liability is a serious issue here. A higher number of DJI pilots flying above the recommended FAA altitude and into potentially dangerous no-fly zones increases the likelihood that something serious could happen. As we’ve mentioned before, the industry as a whole stand to lose out whenever there’s a negative story, so erring on the side of caution is a position we can understand.
As well as that, the company wants to make it clear that modifications to its drones will void their warranties and potentially cause flight instability.
But another clue might be in the quote provided by DJI’s security director, Victor Wang, who ‘reiterated that DJI’s geofencing features (which provide “no fly zone” data) are designed specifically to provide information to DJI customers about airspace where drone flight raises serious safety or security concerns. He also said that DJI continually monitors reports of modifications to its drones that might make their operations incompatible with drone safety best practices.’
It’s interesting here that the rhetoric speaks about ‘providing information’ and ‘providing no fly zone data’. There’s certainly a feeling among the pilot community that DJI can tend toward misrepresenting Geo. The feature definitely goes further than providing information and being advisory. We don’t think that’s a bad thing necessarily, but it would be good if the company was bolder in admitting so.
“We always encourage our customers to strictly follow their local rules and regulations about drone use so that everyone can enjoy safe skies that are open to innovation,” Mr. Wang added. “Unauthorized modification of a DJI drone is not recommended, as it can cause unstable flight behavior that could make operating the drone unsafe. DJI is not responsible for the performance of a modified drone and we strongly condemn any user who attempts to modify their drone for illegal or unsafe use.”
The statement also links to the following tutorial, which details how DJI pilots can unlock no-fly-zones:
The statement concludes:
Users who have authorization to fly in restricted areas can either unlock these zones using DJI’s GEO system or by submitting a request to flysafe@dji.com. DJI offers a robust software development kit (SDK) for creating customized software using its platforms.
Final thoughts
Having spoken with some of the hackers busy exploiting DJI’s security, it certainly doesn’t look as though this update will be the nail in the coffin for the emerging DJI mod scene.
What wasn’t mentioned in the statement was the fact that downgrades to older DJI firmware are now widely available. So even with new updates pushed, the hacker community can continue to tweak features for the Mavic Pro, Inspire, Spark and many of DJI’s other models.
According to one who spoke with Dronelife, “Their comment was completely worthless and, more importantly… the actual update came out weeks ago… we’ve been hacking along ever since… no one in our group cares at all. We are doing what ever we want, swapping out firmware versions like underwear day by day.”
“Literally none of what they wrote matters in the face of downgrades via [available exploits such as] DUMLdore, Pyduml and DUMLrub.”
Malek Murison is a freelance writer and editor with a passion for tech trends and innovation. He handles product reviews, major releases and keeps an eye on the enthusiast market for DroneLife.
Email Malek
Twitter:@malekmurison
Subscribe to DroneLife here.
[…] looks like an amicable relationship is developing between DJI and the same hackers the company was fighting against not so long ago. Successful bug finders have also been asked to refrain from discussing the details […]