Mitigating Potential Threat Vectors Found In UAS COE Audit of DJI Commercial Drone Products
As referenced in our ViewPoints blog post, cybersecurity firm Booz Allen Hamilton, on behalf of PrecisionHawk's Unmanned Aerial Intelligence Technology Center of Excellence (UAS COE), recently conducted risk assessment testing and analysis of three DJI commercial drone products: the Government Edition Mavic Pro, Government Edition Matrice 600 Pro, and the Mavic 2 Enterprise. Today, the UAS COE released an executive summary of the audit, which we encourage all customers to read fully.
DJI works closely with customers, security experts and government authorities to address safety, security and privacy concerns, and we welcome the findings of this independent audit. In summary, the audit discovered several low or moderate severity threat vectors that pose generally low risk to DJI users, but directly found no evidence that the data or information you collect when using this DJI technology is being transmitted to DJI or China. As Booz Allen wrote, all but two of these threat vectors "require either physical access to the drone, or (in the case of #6) for the attacker to be located within radio range of the drone's radio signal during its operation", and this threat vector can be significantly reduced with additional security measures and best practices.
When conducting cybersecurity testing, it is generally assumed that some vulnerabilities will exist. Peer-reviewable security is the gold standard in getting these vulnerabilities patched in a controlled and managed process. We make it a priority to address every single vulnerability in an open and transparent manner as part of our mission to strengthen trust, data security, your privacy and airspace safety. We have already implemented measures to address many of the threat vectors identified in the report, including numbers 8 and 9, and we are actively working on the others, like numbers 5 and 7.
Below, we address each threat vector outlined in the audit, along with the specific mitigations that are being undertaken by DJI and, where applicable, those that can be taken now by you when operating the relevant products.
Our security team is available to address any question or concern you might have. They can be contacted at datasecurity@dji.com.