Site icon DRONELIFE

DJI Publishes Security White Paper

Future of Commercial Drones 2024, DJI responds Chinese drone data security
Photograph by D Ramey Logan, CC BY 4.0 

Company Provides Details of DJI’s Security Enhancements and Certifications in Response to Global Data Safety Concern

by DRONELIFE Staff Writer Ian J. McNabb

As tensions rise around the use of Chinese-manufactured drones in critical industries, like first response teams, UAV systems developer DJI recently released a white paper designed to showcase their security features. These include hardware features, like their processor and encryption systems, software options designed to maximize user control, and third-party certifications designed to reassure customers that their data remains safe.

Throughout the white paper, DJI aims to underline that the user is in control of their own encrypted information which is stored entirely locally. The ARM-based chips most DJI drones run on are TrustZone enabled, meaning that processes like booting, updating, and encryption occur entirely within a secure environment. The FIPS 140-2 certified DJI Core Crypto Engine is another tool to protect data, generating secure keys that are then inaccessible to all software to keep data quarantined and safe at all times. 

DJI also highlights the security features within their software, which include storing all data produced outside of China in the US, Japan, or Europe. All drone data shared with DJI is TLS-protected, meaning that its resistant to data breaches and attacks, and all personal information shared with DJI is AES-286 encrypted during storage. Many DJI software projects include “secure modes” that allow DJI only the most necessary data, and their data management team has achieved ISO 27001 certifications underlining their commitment to information security. 

To back up their claims, DJI commissioned two third-party audits in the US and Europe, receiving the (previously mentioned) FIPS 140-2 and ISO 27001 certifications for data security and encryption. FIPS 140-2 is a US government-issued certification that is validated by both the United States and Canada. In addition, they highlighted their bug bounty program, which is designed to find security vulnerabilities by offering rewards for their discovery.

More information on the DJI Drone Security White Paper is available here.

 

 

Exit mobile version