US Navy Memo Raised Cybersecurity Concerns About DJI Drones (Dec 16, 2019)
A classified memo has been released by the U.S. Army supporting a decision made in 2017 to discontinue the use of drones made by the Chinese manufacturer DJI. The previous U.S. Navy memo was released in 2017 and cited a number of risks associated with DJI products. It drew attention to open-source reports that highlighted how a data link from the ground station was vulnerable. The vulnerability meant that malicious actors could upload images, videos and telemetry to servers discreetly, and highlighted uncertainty over how electromagnetic interference could result in loss of control. DJI is one of the world’s largest manufacturers of drones. In May 2019, the U.S. Department of Homeland Security (DHS) further warned that sensitive data could be sent back to manufacturers in China, where it can in turn be accessed by the government.
Recommendation: Threat actors are willing to go to great lengths to abuse trust relationships in supply-chain attacks. Supply chains are complex and often involve multiple trusted third parties that the target organisation might not even be aware of. Adversaries will seek to gain an advantage, which is why the possibility of data being sent back to China is a concern for the United States. Organisations should take care to categorise critical suppliers and trusted third parties, and apply appropriate measures to minimise risks. Suppliers should be able to provide proof that they are operating within information security standards such as ISO 27001.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.